I am not going to say “I told you so”

I generally find it extremely irritating when people turn to me and, usually with a smug look, say “I told you so,” so that won’t happen here. With little additional comment I will merely draw your attention to a report which was released in the USA last month.

First point: it was produced by a body called the “Coalition for a Secure and Transparent Internet”. Its mission is to“advocate before U.S. and EU policymakers, ICANN, registrars, registries, and other stakeholders about the importance of open access to WHOIS data.”

Slightly surprised the word “accurate” does not appear between “to” and “WHOIS” but for most sensible people I guess that would be implied.

Congressman Robert Latta asked several US Federal Agencies for their views on the state of play with WHOIS, referring specifically to the current Covid crisis. This, inevitably, raised broader issues.

In September CTSI published the replies the Congressman had received. Below are a few choice extracts.

From the Food and Drug Administration

“Access to WHOIS information has been a critical aspect of FDA’s mission to protect
public health. Implementation of the E.U. General Data Protection Regulation (GDPR)
has had a detrimental impact on FDA’s ability to pursue advisory and enforcement
actions as well as civil and criminal relief in our efforts to protect consumers and patients.”

From the Federal Trade Commission

You also highlighted your concerns that the implementation of the
European Union’s General Data Protection Regulation (“GDPR”) has negatively affected the ability of law enforcement to identify bad actors online. I share your concerns about the impact of COVID-19 related fraud on consumers, as well as the availability of accurate domain name registration information.”

From Homeland Security

“HSI views WHOIS information, and the accessibility to it, as critical information required to advance HSI criminal investigations, including COVID-19 fraud. Since the implementation of GDPR, HSI has recognized the lack of availability to complete WHOIS data as a significant issue that will continue to grow. If HSI had increased and timely access to registrant data, the agency would have a quicker response to criminal activity incidents and have better success in the investigative process before criminals move their activity to a different domain.”

From the Department of Justice/FBI

“…greater WHOIS access for law enforcement would increase the effectiveness
of… investigations by identifying illicit activity in specific areas, and would assist in
disrupting and dismantling criminal organizations.”

How did we ever get to this?

That is an excellent question. I’m glad someone asked it.

I agreed about the need for ICANN to be given complete independence from the US Federal Government. But the Obama Administration handed over control without dotting the i’s and crossing the t’s. They left ICANN with the ability to abandon or substantially modify their historic mission, at least in respect of WHOIS.

Once free of a potential corrective intervention by the US Federal Governmenet ICANN became ever more obviously a trade association, a racket.

The public interest always comes second to Registrars’, Registries’ and their symbiotic co-dependent’s (ICANN’s) financial interests.

ICANN has weakened WHOIS, not strengthened it. They have reduced the obligations to ensure WHOIS data are accurate and that also means up to date. Link that with other real world developments about how the internet is being managed, and by whom, and anyone with two brain cells can see the future. But that won’t stop the Registrars, Registries and ICANN from dragging things out for as long as possible. Delay for them is the same as money. And money is what it is all about.

Could the US Government reverse its decision and take ICANN back under its wing? Probably not, but if it were shown ICANN acted in bad faith from the get-go, with no serious intention ever to fulfill or keep to the terms of the “Affirmation of Commitments”…. then what?

Who was asleep at which wheel?

The EU must take its share of the blame for what happened next, at least insofar as it concerns WHOIS.

In the four years or more between the draft GDPR being published and it being adopted as a final, legal instrument, none of the following words were uttered, never mind discussed, anywhere at any time in Brussels, at least not in any public meetings where minutes were taken and later published. Those words were: ICANN, Registrars, Registries, Registrants and WHOIS.

It’s not that the EU took its eye off the ball. They never had their eye on it. It was only after the event that officials went in to bat to limit the damage once the scale of ICANN’s impudent ambition became apparent. Why was it necessary for them to do that? Because ICANN had adopted an interpretation of GDPR rules which would never have been possible if those rules had been properly drawn up in the first place. And that interprtetation is the reason for those comments shown above.

Finally, here is the other nagging question. If EU bureacrats were not over-familiar with ICANN’s quaint ways and hidden intentions. If they had been lobbied, seduced, hoodwinked or neutralized by the hype, where were the cops and the governments?

A perfect smokescreen

Mainstream media journalists’ eyes glaze over at the first mention of ICANN’s recondite terminology. They shy away when they hear about the glacial pace at which things happen in obscure, acronym-heavy sub-committees. That creates a perfect smokescreen.

Nobody comes out of this covered in glory, other than the Registrars, Registries and their servants the ICANN bureaucracy. They got exactly what they wanted. Perhaps“glory” is the wrong word here?

A friend of mine who was once utterly immersed in ICANN and similar bodies, e.g. the IGF, reflected how, in the early days, there was a group of high-minded, public spirited people who flew around the world convinced their personal engagement with this still relatively “new thing”, the internet, and the participatory bodies which it was spawning e.g. ICANN and the IGF, was truly going to reshape that world and make it a better place. “Noblesse oblige”. Then they woke up and realised they’d been had.

Posted in Uncategorized

In Parliament

On Wednesday in a “Westminster Hall “debate MPs discussed the seemingly ever-upcoming Online Harms Bill. The fact that this debate happened at all was down to the energetic engagement of Holly Lynch the Member of Parliament for Halifax, West Yorkshire. Lynch opened and closed the debate with great skill and aplomb. I’d say she’s one to watch for the future. Halifax is lucky to have her.

The debate provided MPs from all political parties an opportunity to voice the concerns of their constituents and discuss the causes they support. As is customary, the Government sent the relevant Minister to listen and respond. MPs from the Labour, Conservative, Scottish National and Democratic Unionist parties spoke. There was a surprising degree of unanimity. But there again, maybe it wasn’t so surprising.

Wails and lamentations

Everyone lamented the delay in publishing the Government’s final response to the consultation on Online Harms. The Minister said a document will be released before the end of this calendar year with a Bill to follow early in the New Year. Nothing new there then. No obvious sense of urgency.

Neither did we hear definitively whether the Bill will be subject to pre-legislative scrutiny by a Committee of both Houses of Parliament. There was a suggestion it might even be 2024 before some or all parts of the legislation become operative. See above.

Bear in mind the Green Paper that started off this whole process was first published in October 2017. Seven years is a long time in the life of a child and it is a whole generation of young children.

Support for age verification remains undimmed. Apparently.

The Government once again reiterated its support for age verification for pornography sites, insisting they want to bring social media within scope. There were references to a major research project the Government is supporting which is designed to produce reliable “age assurance” technologies. This has been mentioned before but perhaps not at such length.

The implication is we may soon see tools being released which allow for the age of children below 18 to be confirmed with a high degree of certainty. This could open up a whole new chapter in online child protection.

The changing and challenging politics of Westminster

What is clear from Wednesday’s debate and from the evolving political landscape in the UK, is Government backbenchers no longer see their frontbenchers, and in particular their Prime Minister, as a safe pair of hands or an infallible demi-god who will always deliver victory on everything, forever. Blame Covid and Brexit.

The sheen of impregnability has gone. Ministers can no longer take it for granted they can get a majority for any old rubbish the (so-called) libertarians in No 10 or scaredy-cats elsewhere in Whitehall might want to throw at them.

The mood of backbench Tory MPs matches well with the mood of MPs across the House. They want measures that will force Big Tech to do a far better job, both generally and in particular when it comes to children’s rights and the protection of children. The only way to achieve that is through laws with teeth. Whatever trust in tech might have been knocking about has been scattered to the winds by their highly visible and repeated failures. Hiring smart lawyers and lobbyists isn’t going to change that. If anything it will only heighten politicians’ determination to “get regulation done“, to coin a phrase.

Danger and opportunity in the air

It is clear that with this mood of tech militancy there is danger in the air. Some might see it as an opportunity. When a Bill finally appears in either House, unless it is up to snuff just about anything could happen. It will be a brave MP, Peer or Minister, who stands up and says “steady on, let’s not be too hard on these groovy Californians“. Who will push back or speak up for tech interests? Only themselves and a handful of marginal bodies. Think Tanks, research bodies and academics who have been significantly funded by or are or have been close to tech will need to tread with care lest their otherwise sensible insights get drowned out in accusations they have been bought and paid for.

Here is a simple statement of fact. Whatever else is might also be the internet and its associated technologies, including the devices which can be used to connect to it, are now firmly within the consumer and family market. All parts of the internet value chain have to start acting as if they unreservedly accept that. The Wild West days are well and truly over.

In the context of the internet and tech, children’s and families’ interests can no longer be discussed as if they inevitably pose a threat to free speech or political rights, either in this country or any other. I am all in favour of “striking a balance” in this as in all things, but up to now, as far as I can see, that means children’s rights and interests get overlooked or put at the back of the queue. Enough already.

Posted in Uncategorized

Kids can’t pay for the truth

In many countries advertising revenues were vital in helping keep “old-fashioned” newspapers and other types of journals alive, particularly smaller, local ones. Typically these would be in printed form but they all soon had an online counterpart.

In addition there was a vast array of smaller or specialist publications and magazines which, in varying degrees, also depended on advertising revenues.

The people employed to write for or edit the above, by and large, had learnt the trade of journalism. The importance of checking facts was dinged into them and they were bound by a code of professional ethics, reinforced by laws about liabilities.

Of course there were failures, sometimes spectacular ones, and there were always issues around how to select, interpret and present “facts”.  Typically, any bias correlated either with the individual author’s views or the owner’s interests. Minority opinions would often struggle to get an airing or a fair hearing.

What was NOT easy to find

Yet for all of its many and obvious failings, under the muddled ancien regime barefaced lies, straightforwardly insane or calculatedly manipulative explanations of  world events were NOT that easy to find, certainly not on any large scale, or via any easily accessible, readily available outlets. Self-correcting mechanisms were in place. You had to hunt for the dark side and that alone tended to keep the numbers and the level of interest down.

But look where we are now. Platforms which have starved journalism of an important part of its lifeblood, advertising revenues, have now become major promoters, conduits, providers, call it what you will, of the exact opposite of what good journalism is about. And societies all over the world are hurting because of it. In several ways.

If the internet was just a large seminar room

If the internet was just a large  University seminar room, none of this would matter, or at least not very much.

But the internet is not a seminar room. Misinformation spread to serve a specific project has huge real world effects and rarely are these pretty.  On the contrary they pose a direct threat to liberal values and democratic institutions. Global warming deniers and anti-vaxxers threaten human life itself.

Nobody should refuse to take sides

Nobody should refuse to take sides in this debate, particularly if our children risk being gulled into becoming pawns or spear carriers for incendiary, hate-filled rabble rousers  carried along by destructive ignorance.

Specifically, tech companies’ pervasiveness in the modern world means they cannot claim to be innocent ingénues, bystanders with minimal or no interest in the outcome.

Myopic Utopianism is not the answer

Saying the answer to bad speech is more speech is the kind of myopic Utopianism that was partly responsible for getting us into this mess in the first place. The answer to bad speech is don’t give it a megaphone. Apologising afterwards just won’t do.

It’s easy to state the problem. Not so easy to come up with solutions if your company’s income depends, not upon the truth or any recognisable version of it, rather it depends on something other than truth.

The Mel Gibson School of Philosophy

Silicon Valley pulled off a remarkable trick when they managed to convince so many of us that the absence of regulation was a synonym for  “freedom” therefore any attempt to regulate them was an attack on “freedom”.  I think Mel Gibson must have been their philosophical reference point. “Freedom” in this case was really a synonym for the ability to make money. In that respect they succeeded brilliantly.

Get “digitally literate”. Really? 

We are now being told to chill. Digital literacy is the answer.

Who could be against digital literacy? I’m not.  It should be encouraged to the greatest extent possible. But it is sort of dragging us back to the idea that the internet is a seminar room. If we are all just well educated enough virtue will triumph, evil will fail. Er, no.

The digital literacy schtick shifts the responsibility back to us to get ourselves  up to speed so as to negate or nullify the very things the platforms are doing.

For adults there is a stronger case for this. But for children?

Or pay for quality journalism

Alternatively we are told to chill for a different reason.

Good journalism is not dead. You just have to pay. Where does that leave kids and the poor? Some of the subscriptions are substantial. I know. I have several.

Countries which have public service broadcasters not dependent on advertising revenues e.g. the BBC in the UK,  are very fortunate but money is tight and  they are under constant attack from commercial interests who would like to see them dead and buried or at any rate reduced in size and reach.

Public service and other broadcasters and publishers are having to compete against a variety of platforms not bound by their code of ethics. These platforms are not even bound by the same laws. They enjoy massive immunities.

And worse, they think nothing of cannibalizing’s other people’s output, providing it for “free” while they, not the originator, pull in even more advertising dollars off the back of it, in turn making it harder…..you get the picture. This is one of the reasons why the authorities in Australia are trying to find a way to get the big platforms to pay.

Misinformation/disinformation/fake news is a child protection concern

The Online Harms legislation will begin in the UK Parliament soon (we hope). The EU’s Digital Services Act is beginning its journey through the EU institutions. This question of misinformation/disinformation is clearly going to be important to several interests.  Children’s organizations will be making the case that it is very much a child protection concern as well.

Posted in Default settings, E-commerce, Privacy, Regulation, Self-regulation

Let’s not make TWO mistakes

Nobody had spotted it. The European Commission openly acknowledged an error had been made. If left uncorrected it would bring to an end measures which have been protecting kids since 2009.

On 10th September the Commission published a proposal.  It describes the problem and, pending the development of a permanent or longer term solution, suggests the status quo is preserved at least until 2025. Phew! That’ll do. Disaster averted.

What was the mistake?

If the mistake is not rectified, when the European Electronic Communications Code comes into effect on 20th December this year, it will become illegal for a range of online businesses operating within the EU to continue or begin using automated proactive tools to try to detect child grooming behaviour, use PhotoDNA or similar to identify hashes of known child sex abuse still images or videos, or use classifiers to spot images likely to contain child sex abuse material so they can be sent for human review.

How well have these sorts of tools been working up to now? Absolute proof is impossible but to get some insight just look at the last annual report of the USA’s hotline(NCMEC).

According to NCMEC, in 2019 16.9 million child sex abuse images were reported to them and deleted. 99% were discovered as a result of the use of the kind of tools that are now otherwise under threat.

Heavy weather

At the LIBE Committee earlier this week the Commission’s  remedial proposal ran into some heavy weather  (the relevant part of the video starts at 10.36).

Yet several of the points some of the MEPs made at the Committee meeting were perfectly reasonable. It is earnestly to be hoped Commission officials and MEPs can work something out that will also meet with the approval of the Council of Ministers.

A failure to put this right, now we can see it full on, would not be an oversight or a second mistake. It would be something far, far worse.

A ban on innovation to protect children?

If I have any criticism of the Commission’s proposal it is because it seems to be suggesting only child protection technologies currently in use and well-established will be covered and therefore allowed. Presumably somebody in Brussels is drawing up a list?

This looks perilously close to saying innovating to protect children is being made illegal. One imagines updates and fixes will be allowed so this could easily get extremely messy.

Would it not be better and simpler to describe technology neutral general principles governing the use of proactive, online child protection tools? Providing any new tools that might come along conform with those principles, they are in the clear.

Lack of trust and transparency

Obviously there is not a single MEP who wants to help sexual predators to groom children. Neither is any MEP unconcerned about the circulation of child sex abuse images.

Thus, the discontent being expressed at the LIBE Committee meeting principally was an echo of the lack of trust in tech companies.  This is something European institutions could and should have addressed before now, but the fact that they have not done so should not lead to children  having to pay the price.

One MEP mentioned the possibility that companies currently proactively looking for illegal images or grooming behaviour might be deliberately acquiring data to use for commercial purposes.

The fact is the Commission’s proposal expressly states such behaviour would be illegal, as it would also be under the GDPR, so once again we are back to the lack of trust which in turn is rooted in zero transparency.

This is  one of the key aspects of the reforms to internet regulation to be addressed in the planned Digital Services Act and explains why the Commission describes the 10th September proposal as being only for the interim.

Posted in Default settings, E-commerce, Facebook, Google, Regulation, Self-regulation

Children’s groups speak out

The EU held a consultation on the upcoming Digital Services Act. It closed yesterday. Here is a link to the document I submitted with the support of one or more children’s groups from 15 Member States. What with the holiday period, Covid and the relatively short turnaround time, that’s not a bad showing. The processes that will now follow will likely carry on for some time and in the months (years?) ahead I hope we can build on that level of  engagement. It is vital that we do.

The year 2000 is ancient history

The decision-makers in Brussels-Strasbourg must understand that,  as compared with 2000 when they adopted the first set of ground rules for the internet, in the form of the e-Commerce Directive, the internet has changed almost beyond recognition.  Now one in five of all internet users in the EU is a child.

Children and families are therefore a major and persistent presence. They can no longer be treated as an irritating, trivial concern in a larger and more important or nobler struggle against, well, against all manner of societal and political evils. Children need to move from afterthought to always-thought in cyber policy making.

The five key recommendations

If you look at the document you will see it directs policy-makers attention to five major suggestions

  1. Establish a duty of care
  2. Create a meaningful, independent transparency regime
  3. Revisit the GDPR through the lens of children
  4. Closely scrutinise the operation of the AVMSD
  5. Improve the co-ordination and management of policy-making processes affecting kids

There is a separate paper, which was not submitted as part of the formal response. It acknowledges that the EU has been a major world leader in online child protection but it also details where it has not always got it right. I call it the “Consequences” document.

Posted in Age verification, Child abuse images, Consent, Default settings, E-commerce, Internet governance, Pornography, Privacy, Regulation, Self-regulation

The EU’s Digital Services Act

On 8th September an EU consultation closes. It concerns a proposed new Digital Services Act (DSA). The Act will provide a once-in-a-generation opportunity to change the internet’s ground rules. Children’s advocates need to get busy.

Reforming the e-Commerce Directive

In the past twenty years or so the internet has changed almost beyond recognition. When the EU adopted the e-Commerce Directive in 2000 in many EU Member States children were a very small proportion of internet and mobile or smartphone users. Social media sites and services barely existed. Apps as we now know them were some way off. Tablets  you got from the doctor.

In 2000 the technology was still relatively new and poorly understood outside a narrow circle. Business asked Governments to “stay out of the way and let us innovate”. They got their wish. If problems arose, tech companies assured everyone they would “do the right thing”. This was called “self-regulation”.

It hasn’t worked. Or rather, its successes have been far too limited and inconsistent. By giving online businesses an almost unique form of legal protection, the e-Commerce Directive created a perverse incentive to do nothing. Many did exactly that. Nothing, or not enough.  Every tech company says they take children’s rights, including children’s safety, “very seriously”. Yet look where we are.

Today in the EU 90 million internet users are children. That is one in five of all users. Families and children are a major and persistent presence in the world of digital technology.  Whatever else it might be, in 21st Century Europe the internet is a consumer product. The internet and its associated access devices must start to comply with standards commonly found in the consumer space.

Need to press the reset button

The terrible things that have happened online to far too many children are not an unavoidable price which has to be paid in perpetuity so as to continue enjoying the many benefits of the internet. But to change the paradigm requires a major act of political will. The EU needs to press the reset button. The e-Commerce Directive is in need of a major overhaul. That’s what the DSA will do.

Beware the Brussels-Strasbourg cocktails-and-lobbying circuit

In any lobbying or campaigning work any of us might do as the DSA processes evolve – and we are probably talking years – it is impossible to over emphasise the importance of not falling into the trap of thinking everything will be settled by Commission officials and, assuming it ever gets going again, the Brussels-Strasbourg cocktails-and-lobbying circuit.

A major part of the  decision-making machinery is the Council of Ministers.  This consists of Ministers from each country, typically supported by civil servants  and advisers in their own national capital and their permanent delegation in Brussels.

On matters such as these it is vital each of these elements and MEPs know how strongly people feel “back home”.

Briefing document heading your way

I have prepared a (short) briefing document which sets out my own views on the key strategic reforms that are needed. Although I wrote it, it is the product of many discussions with experts from several different disciplines and geographies.

The briefing paper is linked to another (slightly longer) document which acknowledges while the EU has been a  major world leader in many areas connected with children’s safety and children’s rights online (and being held safe is a major right) there have also been some spectacular failures that need to be corrected. Now is the time.

Watch out for these documents in your inboxes in the coming days. Use, adapt or ignore  them as you like in any campaigning you undertake. Hopefully we can join together in some way to make our collective voice louder.

The signs are good

In the past couple of months we have seen Vice President Šuica’s initiative, “Delivering for children: an EU strategy on the rights of the child” and Commissioner Johansson’s Communication on a “Strategy to combat child sexual abuse and exploitation” with its major emphasis on the position of victims of sexual abuse, online and off. There has also been a Communication  on areas of the GDPR that need another look in relation to matters affecting children. Many pieces of the jigsaw are coming together about now.

Add that to the fact almost every major tech company accepts reform of the rules is required, and you can see why I am feeling optimistic. But not naively so.

Optimism can be the graveyard of fools

For all the fine words we are hearing ahead of the match, we have to expect two things.

Whatever  large or small tech companies say in public about how much they recognise the need for a new regulatory framework, when it comes down to the nitty-gritty detail don’t expect their views and ours to be same.  We will not all be holding hands and singing in harmony from the same hymn sheet. That will put a strain on some of the vaunted “partnerships” that exist.

Then there’s the usual suspects in civil society. Many are not quite as starry-eyed as they once were about the, as they saw it, “freedom-loving, insurgent Mother Theresa goodness of Silicon Valley” but we know from bitter experience they will generally find a reason to put children’s interests, children’s rights, lower down the list.

.

Posted in Default settings, Internet governance, Regulation, Self-regulation

Beware the harmful algorithm

These past few days British media outlets have been full of stories about the scandalous way 17 and 18 year olds have been dealt with following the cancellation of ‘A’ Level exams because of the virus.  At the root of the problem was an algorithm. Or rather, it was probably not the algorithm that was the problem, as such,  but how it was applied.

‘A’ Level results essentially determine which University or other educational or training opportunity you end up with as your life journey moves to another level at the end of your time at school. It is usually a pivotal moment in a young person’s life. Not necessarily decisive, but hugely important.

Teachers’ predictions

For readers outside the UK:  this year every young person’s teachers were asked to predict the results they would have obtained had they sat  ‘A’ Levels.  This happens every year so it is possible to compare predictions with actual outcomes.  A great many children perform exactly in line with predictions. A great many do not. That gap is important because it is populated  by people, not robots.

In the usual way, on the basis of teachers’ predictions University places and the like were offered, or not.

Devising an algorithm 

In the absence of actual exams how were the authorities to determine the final results? The answer they all came up with was to devise an algorithm then apply it to the mass of data showing the predicted grades.

The process of devising the algorithm appears to have started by looking at historic data for the subjects concerned, and the type of school concerned, for which read the demography of its intake.

These data would show that in school A, in a certain kind of area x% of  students could be expected to receive top level grades in Maths,  y%  would get the lowest grades in History and so on, subject by subject, school by school.

Class size matters

One of the other factors in the equation was class size, which is typically a proxy for parental income. Children in smaller classes tend to do better than children in larger classes. Who knew? “Smaller classes”  is often just another way of saying “private school”  or a school in a prosperous part of town. Which tends to get us back to parental income.

According to this way of looking at the matter, year after year a predictable proportion of young people will get a certain spread of grades and therefore end up going to a certain spread of Universities or whatever.

But here’s the kicker. Teachers’ predictions for each child were the very last factor to be entered into the calculations. And it looks like they counted for a lot less than the “framework” established by the historic data.

“A process” became a cruel farce.

Marked down

The process has had terrible consequences for huge numbers of children. Why? Because in making the end result fit the pattern of previous years,  large numbers of youngsters were marked down from their teachers’ predictions.

In defence of the system, some officials tried to argue that because teachers from certain types of schools, seemingly with equally certain mathematical predictability, are more prone to overestimate a child’s performance than teachers from other schools, the  large scale marking down was justified.

Dazzled by the maths. Lost sight of the young human being

If you happened to be in an improving school about to register its breakthrough moment, well that’s just bad luck according to the faceless ones who gave their blessing to all this. In  allowing themselves to be dazzled by the logic of the maths they lost sight of the humanity required when handling young people’s dreams.

I listened to two distinguished statisticians explain that “Algorithms work extremely well for populations, but not necessarily for individuals.” They said this quite dispassionately and not in any way to justify what happened this year.

A system that only works for populations and allows for substantial injustice to be suffered by an individual is a system not worthy of the name. Young people can improve their individual performance between mocks and finals. Poor mock results are often the spur to pull your finger out. That’s not something a blunt instrument like an algorithm can detect. With young people’s lives we need precision lasers not hammers.

With a shrug of the shoulders a bureaucrat cannot be allowed to sweep aside and crush a young person. I am tempted to invoke historical examples of other forms of brutal indifference to the individual in the interest of “the plan” but the point is obvious to anyone with a brain and a heart.

Maths first. People nowhere. Not acceptable.

Worcester College, Oxford shows the way

Starting with Worcester College, Oxford some Universities have declared they will accept the teachers’ original predictions and ignore any marking down. I applaud them. How  easy it will be for others to follow suit I don’t know, but they should  all certainly make the effort and stand ready to explain why they didn’t.

GDPR no help but…

Article 22 of the GDPR says individuals shall have the right  “not to be subject to a decision based solely on automated processing, including profiling……”

That is  pretty close to what has happened here although because it isn’t exactly the same, Article 22 is of no use (the process was not based ‘solely’ on automated processing).

Yet the spirit of Article 22 is clear. There is an appeals process but it costs money and it may not be possible to complete the vast numbers of appeals now anticipated before the University  and other terms begin.

With the inevitable drop in students from overseas (maybe even all Chinese students) why can’t everyone do what Worcester College did?  In the next two to three years perhaps there will be a higher drop out rate but at least each student would know this was down to them, not an invisible, unaccountable hand in Whitehall, Holyrood, Belfast or Cardiff. And set against that there will some students who get in to University or other place who otherwise might not have done. And they will shine.

We should not have to choose between injustices

One last word: I have heard people complain that children from private schools and more affluent parts of town fared less badly than children from elsewhere. That is the inevitable result of how algorithms work. If there is bias in a system it will be reflected in the data and be reproduced by it.

This is not a reason to punish the children of well off families. The individual is what matters here, not their parentage. Insisting that little Billy Rich or Jenny Affluent does not get the University place he or she dreamed of because Frankie Poor and Lucy Skint from down the road didn’t get theirs is the wrong answer to the wrong question.

There are lessons here for all of us as algorithms seem set to play an ever more important role in the way all kinds of things work. Particularly over the internet.

Posted in Privacy, Regulation, Self-regulation, Uncategorized

“Good Pictures Bad Pictures”

I have just finished “Good Pictures Bad Pictures. Porn proofing today’s young kids.” by Kristen Jenson.

I have to say, right off, the book is excellent. It is not preachy, moralising or judgemental. In crisp, clear and concise prose it describes a conversation between a mother and, I would guess, her nine or ten year old son. Dad makes an appearance towards the end so it’s not just Mum on a solo run.

The author suggests a parent sits down with the book and talks it through with their child, chapter by chapter, going at their own pace.  The style and clarity of the writing  should make that very easy to do. There are two or three questions at the end of each chapter which will help embed the learnings of the previous pages.

It’s all about the science

What particularly impressed me about the book was the way it bases its explanations  and advice on the science of adolescent brain development. Whatever your view about adults’ consumption of porn, you will be left in no doubt about why it is important to keep it away from kids.

Porn sites are not educational aids. They are purveyors of lies. Harmful lies.

Posted in Age verification, Pornography, Regulation, Self-regulation

Age verification. Movement in South Africa

The South African Film Board is charged with developing regulations to give effect to their recently adopted law requiring age verification for pornography sites. A consultation  was held on how the regulations might be implemented. It closed yesterday. After thanking them for the opportunity to comment this is what I said:

I only have a few, limited points to make about your proposed regulatory regime.

  1. You should ensure your regulations make clear the Board will not accept as valid any age verification solution provided or supplied by any company or organization with economic or other material ties to any entity connected with the publication of pornography. This is vital to maintain public confidence in the age verification process.
  2. The tone and manner in which the age verification solution is presented or marketed should stay tightly focused on the protection of children from age inappropriate content.
  3. Age verification is about upholding children’s rights. It is about meeting states’ obligations to protect children, for example under  Articles 19 and 36 of the UN Convention on the Rights of the Child .
  4. Thus the policy should not appear to be intent on making access to pornography difficult, neither should it be possible to  see it as or believe it to be an “anti-pornography measure”. Practically every publisher of porn acknowledges their material is not meant for children’s eyes but without a law requiring them all to use age verification it is impossible to make an age verification policy work.
  5. Any age verification solution should have only one objective: determining that the person who wishes to access a pornography site is 18 or above. The individual’s  identity e.g. name, address or other identifying features are utterly irrelevant, excessive, and over intrusive. Collecting them will be seen as a threat intended to discourage people from accessing pornography sites. There are several  age verification solutions available which do not require  personally identifiable data to be recorded or retained yet can provide robust evidence that an age verification process has been completed.
  6. The public needs to have the highest confidence in the age verification solutions providers’ respect for their privacy. Compliance with strict privacy rules should be mandatory from Day 1.
  7. It would be greatly to everyone’s advantage if age verification was not solely or principally associated with pornography. There are other classes of audio visual materials which are supposed to be restricted to adults where the same regime should apply.
  8. A power to block access to non-compliant sites is essential.
  9. A power to direct payments companies, advertisers or ancillary service providers  not to  engage with non-compliant sites is also essential.
  10. Pornography sites should not be allowed to promote or be associated with  VPNs or any marketing or other measures  which would be likely to facilitate or encourage evading the age verification regime.

 

Posted in Age verification, Pornography, Privacy, Regulation, Self-regulation

The EU’s strategy for a more effective fight against child sexual abuse

I said in an earlier blog I would write more fully about the announcement last week of the European Commission’ s new strategy for a more effective fight against child sexual abuse. I wrote that when I had only skimmed the document. I have now  read it in full from end to end and I have changed my mind. The reason is obvious. The document, known in Commission parlance as a “Communication”,  is itself a summary and a pretty intense and dense one at that.

It is both brilliant and comprehensive, packed with statistics, references and ideas. It would be ridiculous to try to compress it further. I’m afraid you will just have to read it yourselves. It’s worth the effort. And to be clear the document is categorical that any strategy worthy of the name must recognise that addressing child sexual abuse in the physical environment is every bit as important as and integral to tackling it online.

Internal structures?

If it is light in any area it is in respect of the Commission’s own internal structures and processes. Children’s issues are cross-cutting in nature. The atomised way Commission Directorates operate militates against anyone having a 360 degree overview.

This must change. There needs to be someone close to the very top, supported by an expert team, who can see things early in the policy development process. They should have the  authority to step in and insist that the impact on children is weighed in the balance.

I recently wrote about the near miss with the European Electronic Communications Code but there have been other examples before that.

The example of postal services

I remember ages ago attending an event in Brussels where a Commission official was speaking eloquently about smoothing out inconsistencies in relation to sending goods by post across national boundaries. The purpose of his proposals for a new approach was to stimulate more economic activity between Member States.

In Country A it might cost 2 Euros to send a 1 kilogram package to Country B, the border of which might be only a few kilometres away, yet to make the same trip in reverse it might cost 90 Euros because a border was crossed, or only the same 2 Euros if the identical item went for hundreds of kilometres entirely within the territory. The formalities in Country A might also be very different from those in Country B.

I could see the logic of smoothing out inconsistencies in relation to the higher objective of creating a  single internal market but I pointed out that, in respect of children, not all EU Member States had the same regulatory environment in terms of what children could buy online or consume in the physical world so wasn’t there a risk that, without more, this measure was going to threaten…. you see the point.

The chap was disarmingly frank in his reply. “No one has ever mentioned that before. It’s not the sort of thing we ever think about.” Or words to that effect.

A new European Centre to prevent and counter child sexual abuse

It would be absurd to suggest this was the crowning glory of the Commission document but the importance of creating a new European Centre to focus on child sexual abuse cannot be over-emphasised. Few Member States have the capacity to keep tabs on all the research going on around the world or all the developments that impact on this area of work. There are even fewer that, on the scale required, can initiate research and evaluate outcomes.  This means learning about new and valuable ideas can be a bit haphazard. People on the inside track find out fast. People on the outside track don’t.

This proposed new Centre could change all that. It will be able to strike up partnerships and engage with key players outside the EU. Disseminating information in optimal ways will be a core task.

The Centre should aim to become a global resource working cooperatively with existing and new poles of expertise. There is plenty for everyone to do.

Again a word of caution. For this Centre to be truly effective it must find a way of strengthening the capacity of civil society to participate in its work. There has to be a strong independent voice that will not feel constrained about speaking truth to power because power is tied up in trade talks with a third party nation about whale meat or because it might be uncomfortable to highlight the shortcomings of a prominent partner. When things get cosy they go wrong. But who doesn’t like cosy? Cosy is the new entropy.

Challenges ahead

The Communication contains many references to the Child Sexual Abuse Directive (2011/93) a truly ground-breaking initiative at the time which, if memory serves, was inspired by or grew out of an earlier Communication of some sort. The new Communication acknowledges there have been difficulties in securing full transposition and implementation of the Directive. So much so that it has already initiated infringement proceedings against 23 out of a possible 26 Member States (Denmark is exempt) and, according to footnote 22, in the cases of Ireland, Cyprus and The Netherlands we learn there is a “dialogue on conformity” which is seemingly “ongoing”. 

That means not a single EU Member State to which the Directive applied has, in the view of the Commission, satisfactorily discharged what they think are the obligations imposed by the Directive. Food for a great deal of thought.

Does anyone know of any instances in other areas where everybody has either been proceeded against for non-compliance or become involved in a “dialogue on conformity”?

Posted in Child abuse images, Privacy, Regulation, Self-regulation, Uncategorized | 1 Comment