UK Government in court over age verification

The Government is in court tomorrow over its failure to implement age verification for pornography sites. Fingers crossed.

Posted in Age verification, Pornography, Privacy, Regulation, Self-regulation, Uncategorized

EU’s new policy statement on child sex abuse

The EU is developing a new policy statement ( a “Communication”) on the fight against child sex abuse. Here is a link to my submission.  It’s too long but there is an Appendix which summarises the main recommendations.

Posted in Child abuse images, Regulation, Self-regulation

Are you beyond being shocked?

Do you think you are beyond being shocked? I thought I was too, but I’ve just been reading about the “Kentler Project” . For 30 years the authorities in West Berlin intentionally placed homeless children in the care of known paedophiles. Details are re-emerging in the wake of publicity about an enormous police operation getting underway in Germany, perhaps involving up to 30,000 people drawn from German-speaking communities.

I’m not  sure  the UK’s IICSA Enquiry or the 1997 blockbuster “People Like Us” by Sir William Utting ( which, among other things, looked at how poor management systems had allowed paedophiles to infiltrate children’s homes), can match anything like Kentler but that is not saying much as the Rotherham, Rochdale and other cases remind us.

Posted in Child abuse images, Uncategorized

Business goes where Governments fear to tread

It’s a funny old world.

Governments bang on about the unacceptable nature of some of the stuff that regularly appears on social media. They call on the platforms to do something about it and, immediately, a whole army of predictable voices rise up to claim this presents a terrible danger to free speech. Those elements truly living in a deluded bubble often go a great deal further, suggesting it is all part of a (usually) undisclosed plot by Governments to… know the rest.  You can fill in the dots without my help.

But just look what has been happening in the last week or so and listen to the silence.

Stop Hate for Profit

9 days ago an initiative called “Stop Hate For Profit” launched an appeal to advertisers, asking them to halt further expenditure on Facebook until the end of July. Why? Here are their own, unedited words

“From the monetization of hate speech to discrimination in their algorithms to the proliferation of voter suppression, to the silencing of Black voices, Facebook has refused to take responsibility for hate, bias, and discrimination growing on their platforms.”


Who are some of the moving forces within Stop Hate For Profit? The  NAACP and the Anti-Defamation League  (ADL) are two powerful and highly respectable US civil rights bodies and they have gathered about them several other heavyweight organizations as part of an impressively larger effort sparked by the Black Lives Matter movement in the wake of the murder of George Floyd.

So how are they doing?

Unilever (the largest spender on advertising in the world) has joined Ben & Jerry’s, Verizon and North Face in saying they are withholding their patronage. Today Coca-Cola joined the gang along with Honda and Hershey’s, the largest sweets manufacturer in the USA. According to some reports Twitter is being added to the list of boycotted companies and the period may extend beyond July.

Imagine the intellectual contortions going on in some people’s heads. On the one hand, if you believe in a free market economy in which private companies are at liberty to express their tastes and preferences in terms of how and where they spend their own advertising budgets then none of this is in the least bit worrisome or troubling. But on the other…

Not the arbiter of truth?

Only last month Mark Zuckerberg proclaimed Facebook won’t be the “arbiter of truth”.  This sort of slippery, political language hints at desperation.  It won’t wash. It won’t fool anyone. Everybody knows Plato cashed in his shares and left the company years ago, along with Leibniz and Sir Karl Popper.

Facebook is not conducting a philosophy seminar in Oxford. Facebook is a fully engaged actor. What it does shapes and affects outcomes on the rough hewn streets of our cities and beyond. Facebook cannot be neutral or Olympian when it comes to spreading stuff that kills people. It cannot ignore behaviour which causes injury.

You cannot hold yourself out as being concerned to make the world a better place and at the same time eschew interventions that will actually make the world a better place.

What people expect from Facebook can be stated in plain language.  Common decency. If that is just too difficult for the company’s present management to handle they should make way for a new set of brains and wiser hands.

Yes, the dangers are clear

The dangers of allowing companies to step in and insist on Facebook and others upping their game could threaten diversity as it drags social media platforms back to a comfortable centre.  I have to say, right now, I for one would welcome a bit of that. I am fed up with being forced to worry about edge cases when so much in the middle is wrong.  If anything, what Unilever and others have done is remind everybody why we need internet regulation to be based firmly on clearly stated, public policies which are enforceable by courts not advertisers’ whimsy.

Meanwhile let’s see if Facebook decides if it can, after all, get into a bit of “arbiting”.

Posted in Facebook, Privacy, Regulation, Self-regulation, Uncategorized

Something could be done now?

If you click here you will see a copy of a letter I sent today to Information Commissioner, Elizabeth Denham CBE, the UK’s chief privacy enforcement official.

In the letter I suggest the fact that the Government called a halt to the implementation of Part 3 of the Digital Economy Act 2017, (DEA) appears to have convinced porn companies they can carry on as before for at least another year. Other businesses that engage in the provision of sites, apps or services intended only for adults seem to think they too have been awarded an extended, child-harming holiday.

All of them are mistaken, at least in principle.

My letter is designed to see how far this principle might be able to propel the Commissioner to act to make the internet safer for children sooner.

What was Part 3 about?

There are two fundamental points about Part 3 of the DEA.

First, it only applies to commercial pornography sites.  As already mentioned, there are several other types of adult sites, apps and services which can put children at risk. For them Part 3 is substantially if not wholly irrelevant.

Secondly, reverting to commercial pornography sites, let us recall Part 3’s quite specific purpose. It was intended to create a regulator with powers which would allow it to influence the behaviour of businesses ordinarily outside the reach of UK courts. All the porn sites that matter are based overseas. They have no significant asset base in the UK.

The regulator would be able to bring such sites to heel by attacking their income streams. Ultimately, if necessary, the sites themselves could be blocked.

There has to be another Bill

The DEA said the regulator would be the BBFC. Now it looks like it will be Ofcom but that is contingent upon the Government bringing a Bill to Parliament.

The Government said they will bring a Bill at or around the time they publish their final response to the Online Harms White Paper.  We still have no idea exactly when that will be. Covid and Brexit are set to dominate British politics for ages. However, even if the Bill appears, as promised, “sometime this year”, it likely will not pass until next year,  then the processes of getting a new regime established will begin.

Things could be “speeded up” by the wholesale copying of the BBFC’s work but, assuming the Government remains true to its word, there will be the new powers to integrate vis-a-vis social media platforms. Then there’s privacy. It seems likely there will be changes there as well. Either way we could be looking at 2023 or beyond.

That is completely unacceptable but some people who were focused solely on porn said they weren’t so bothered because once the excellent Age Appropriate Design Code kicks in  the Information Commissioner can go after the sites. A regrettable delay but not a huge one. We can live with it. No.

The Code is not about adult sites, apps or services

The problem is the Code, brilliant and necessary though it is, actually is not concerned with adult sites, apps and services. It follows if the Commissioner can do anything it has to be rooted in the basic law. And if that is the case we do not need to wait until the Code comes into force. The child-harming holiday is cancelled.

Still need Part 3 DEA powers but in the meantime

Obviously, the Commissioner does not have at her disposal the same powers that were going to be given to the BBFC. But if, whether in a letter or as the outcome of a formal investigation, Elizabeth Denham were to make clear that certain sites or classes of apps, sites or services operating without robust measures to restrict children’s access were operating unlawfully, or were likely to be, it may have some beneficial impact. It might shame the owners into acting earlier or cause other businesses on whom they depend to withdraw their services or support.

We can but hope.

PS If you read the letter all the way to the end note the point about perilous and deceptive marketing.

Posted in Advertising, Age verification, E-commerce, Pornography, Regulation, Self-regulation

A child’s legal right to porn? I don’t think so.

Pornhub is not an aid, comforter or reliable source of advice, guidance, support or information for children who are anxious or inquisitive about sex, their own sexuality, or relationships. Neither is any other porn site I know about.

The fact that some children may say they go to sites like Pornhub because they are anxious or curious about sex, their own sexuality and relationships, or are looking for support or guidance in relation to such matters, is simply a terrible indictment of the poverty of 21st Century societies’ approach hitherto. It does not give Pornhub a tick.

Delegating your child’s sex education to Pornhub. Bad idea.

There has probably never been a time when it was exactly easy for parents or schools to find the right way to help children and young people through that part of their lives when sex, their own sexuality and relationships loom so very large in their developing consciousness and self-awareness.

There  has long been a tendency, at least for parents, to dodge the “difficult conversation”or,  consciously or otherwise, to delegate it to “someone else”.

The problem is today the “someone else” is often a ubiquitous, money-making business with so few scruples that, despite acknowledging none of their materials are suitable or meant for children they do nothing to prevent children accessing them. Even though they could. Pornhub is the 800lb gorilla in the room (with apologies to the many gorillas who may be reading this).

The internet has changed everything. Dramatically.

Porn ain’t what it used to be

One of the world’s leading commentators in this field, Gail Dines, said she almost (note, “almost”) felt nostalgic for the porn of the early 1980s and before.

“There has always been porn but there has never before been a porn industry such as that which the internet has created.”

Gail points out the porn today’s parents and grandparents saw when they were younger is likely to be a million miles away from Pornhub’s everyday offerings both in terms of  its nature, quantity, ease of access, which is constant, and cost, which is zero.

Like their parents and grandparents some of today’s children might say “porn has done me no harm” or “I can handle porn” or “porn helped me, it was useful” . These are not convincing reasons for continuing to accept the status quo.

Consequences may only become apparent later in life

Many of the problems associated with porn use, particularly excessive porn use, do not manifest themselves immediately.  They may not do so until a person reaches their mid-20s or  it could be later than that.

And by the way, in several studies substantial numbers of children said porn was either the most upsetting thing they had encountered online, or it was one of the most upsetting things. Alternatively they felt that while they, personally, were “ok with it”,  they felt really strongly other, younger kids, shouldn’t be looking at it. “Just saying, for a friend”.

A parallel with smoking?

When I was a kid, in England the legal age at which you could smoke was 16. As I reached the magnificently mature age of 15 I could see no good reason to wait an extra year to do something that was so obviously enjoyable and cool.  What did these idiotic oldies know about anything anyway? They had never even seen The Beatles live. Or The Rolling Stones. I had done both. Twice.  I had a unique insight into the meaning of life. That proved it.

The pleasures of smoking were plainly wasted on the gerontocrats. They just needed to step aside.  And this was at a time when lots of people claimed the harms associated with smoking were vastly exaggerated or non-existent. Twenty years later I realised what a terrible mistake I had made and after a lot of pain I quit.

The adult world is charged with doing stuff that is in children’s best interests, even when not all children see it that way.

Not a silver bullet but a big bullet nevertheless

Children do not have a legal right to access porn. Children have a legal right to good advice and access to a range of sound, inclusive and comprehensive information about and support in relation to sex and sexuality.

States have a legal obligation to provide that and  it would probably be best provided in the context of a public health and education framework.  However, an inescapable part of states’  obligations includes a duty, on the basis of the best available scientific advice, to restrict children’s access to stuff that harms them. Pornhub and the like harms kids.

When introducing age verification to restrict children’s access to porn it is essential we get right and respect both children’s and adults’ right to privacy. And we certainly should not see age verification as a silver bullet.

Yet it definitely is a bullet. I think a big bullet. It is a bullet aimed specifically at denying the Pornhubs of this world any role in determining the sexual socialization of the young.


Posted in Age verification, Internet governance, Pornography, Regulation, Self-regulation, Uncategorized | 2 Comments

Problems with the GDPR

The EU recently undertook a review of the first two years of the operation of the GDPR. If you missed it you are not alone. The existence of the review was not well publicised. It will report soon but the focus was anyway too narrow. I hold out no great hopes of seeing any much needed improvements which will help children. However, CNIL (the French national data protection authority) is conducting its own review and here the terms of reference are much wider. I pass on these thoughts to them about the points in their questionnaire and other matters.

A  neglected group

Children make up 1 in 3 of all internet users in the world. In some countries this rises to 1 in 2. In high income countries such as France and the UK the proportion hovers around 1 in 5. Thus, whichever way you look at it and whatever else you might believe or want the internet to be, unquestionably it is a medium for children and families.  Too many people appear not to know or accept that.

Arguably children are the world’s largest single, identifiable constituency of internet users.  Unarguably they are the world’s largest single group of vulnerable users.  Yet time and again children appear to have been put in a box marked “too difficult” when it comes to data protection and privacy concerns.  Children are constantly forgotten or overlooked, which is another way of saying “neglected”. In the whole of its life the Article 29 Working Party produced only one substantial report on children. That was in 2008 and principally it concerned schools’ handling of students’ data. Important but not exactly hitting up against the far edges of the techno-horizon being ushered in by the internet.

Like moths to a flame

The modern internet evolved largely as a set of services floating on a sea of data used to fuel targeted advertising.  It was shaped and developed by techno-advertising companies presenting themselves as disruptive rebels. Creative spirits of a new age. Fabulously wealthy, cool and at first sight overwhelmingly benign.

Against this background it is hardly surprising lawyers were drawn to the new frontier along with the technical experts who support them.  Either as employees or retained consultants most of these lawyers and geeks consequently developed a sophisticated understanding of the immediate, cash-generating needs of their paymasters. They did not contemporaneously develop a comparable appreciation of the position of children as end users. There were no laws compelling businesses to do that so they didn’t whereas there is always a compelling need to increase sales and stay ahead of the competition.

Platform immunity and no obligation even to try to confirm a user’s age pretty much guaranteed what happened next. Like moths to a flame,  albeit for different reasons, gigantic numbers of children were also drawn to the “new cool”, places not meant for them, not understood by parents or teachers. Which made the whole thing even cooler.

A lack of expertise

Whatever you make of my reading of history, it is incontrovertibly the case that there has never been the same incentives or possibilities to develop a countervailing body of legal or technical knowledge, expertise or institutions which are readily and continuously accessible to impecunious children’s groups. The playing field remains massively tilted. Ad hoc pro bono assistance is welcome when and where it is available, but no way is it a substitute for solid, on-going professional engagement.


Expertise,  research, guidance and clarification

  1. National Governments, the European Commission, the European Data Protection Board and national data protection authorities must strengthen their own expertise and understanding in relation to children as actors in the digital environment.
  2. Inter alia, this should be built upon a solid and substantial, publicly available evidence base regarding children’s use of digital devices, Apps and spaces. In the USA the FTC is being urged to engage in such a major evidence gathering exercise as part of  a process which may lead to revisions to COPPA. Maybe there is be some scope for  Europeans and others to co-operate in that endeavour? As usual, any changes made to operating rules in the USA will have a global impact so this  would be logical.
  3. Civil society organizations should be helped to improve their understanding of the position of children as data subjects.
  4. Ways should be found to ensure civil society organizations  have access to professional expert technical and legal advice when pursuing privacy issues relating to children as actors in the digital environment. It should be made easier for class actions to be brought to settle disputes which are likely to affect significant numbers of children.
  5. Individual companies and industry-based regulators should be given detailed guidance in relation to what is expected of them. The  UK’s Age Appropriate Design Code  amplifies key provisions of the GDPR in ways which business can readily understand and act upon. The Australians have been considering moving in a similar way.
  6. There is persistent confusion about the nature and scope of what constitutes “sensitive” data, particularly in respect of inferred data which, almost by definition, cannot have been given with explicit, informed consent. In respect of children what are the rules governing how it might be processed and stored?

Correcting a major error

  1. In the original proposal for the GDPR, issued by the European Commission in 2012, there was no mention of ICANN or WHOIS. In none of the subsequent proceedings in the European Parliament, either in Committee or plenary session, neither at the Council nor during the Trialogue, was ICANN or WHOIS mentioned in any way whatsoever, directly or indirectly.
  2. This led to two different but quite specific difficulties which need to be urgently addressed. They have profound and wide ranging effects on children’s rights.
  3. The first concerns the ease with which WHOIS data might be accessed and by whom it can be accessed. Commercially driven forces within and around ICANN used the failure of the GDPR to address WHOIS to bring an end to practices which had existed since Day 1 of the internet. The cost, complexity and time it now takes to access WHOIS data mean levels of online crimes against children, and many other kinds of online crimes, continue unabated or they get worse. It is hard to believe this is what the European Institutions intended or anticipated. How could it have been when the issue was never discussed?
  4.  Secondly, a distinct problem concerns the accuracy of data within WHOIS. Whatever the rules about access might say, if a someone intent on distributing child sex abuse material via a web site knew their name, address and contact details had been accurately recorded by anyone anywhere on Earth, it is hard to believe they would still allow such a site, linked to their name, to be used for criminal purposes. Yet within WHOIS accurate data are the exception not the rule. ICANN has recently taken decisions which make it likely the levels of inaccuracy will increase not decrease.
  5. There are provisions within the GDPR which refer to the importance of  maintaining accurate data in databases but  these provisions are poorly enforced and the penalties are in no way a sufficient deterrent. The penalties for internet Registrars and Registries not verifying WHOIS data prior to selling, renewing or recording a domain name should be substantial and the penalties for persistent failure should be tough.  As the body ostensibly with the power and initial authority to enforce WHOIS rules ICANN should be drawn into the line of fire if they too persistently fail to ensure their own rules are fit for purpose and are honoured.
  6. ICANN should be placed under an explicit obligation to have regard to the way in which their systems facilitate unlawful behaviour or make the job of potential plaintiffs or law enforcement agencies more difficult,and costly than it need be. Studied indifference towards the real world impact of their behaviour must become a thing of the past for ICANN.

Strong encryption

  1. The early drive towards more widespread use of encryption was hugely important. Should an organization’s defences fail and hackers get on to their servers the fact that all stored data are encrypted is a vital, last line of defence.   Neither should it be possible for hackers to intercept data moving across a network. Vital communications between critical national infrastructure facilities, supply chains, online banking and other use cases remain obvious candidates for the deployment of strong encryption.
  2. However, we are approaching a point where encryption is being used at large in generic environments not as a defence against crime but as an enabler of or cover for it.
  3. Measures which have been developed to work at scale to defend children, for example PhotoDNA, are threatened with redundancy by the deployment of encryption. Look, for example, at what Facebook is threatening to do with Messenger and Instagram. However, Facebook is only in the limelight because it previously released data showing the level of criminal abuse of their service. There is no reason to suppose things are significantly different elsewhere.
  4. Moves towards encrypting even metadata will complicate the fight against online crimes against children yet further.
  5. The idea of the Rule of Law presupposes the possibility that the law can be implemented or enforced yet the way strong encryption is spreading threatens to create large spaces where courts in every country in the world will be rendered impotent. For all practical purposes their subpoenas and orders will be nullities.
  6. Careful consideration needs to be given to how this problem should be addressed.
  7. At the very least companies offering services which are used by children will need to explain why they have intentionally deprived themselves of the ability to protect children, both generally and specifically in relation to personal data.

A question of age

  1. The GDPR strongly suggests that where a service is provided for or is meant to be limited to groups or individuals defined by reference to their age, the service provider should take all reasonable and proportionate steps to ensure those provisions or limits mean something.
  2. This should be the case wherever  an age limit is stipulated in a company’s Terms and Condition of service. Where age is also stipulated by law, penalties for breach should be higher than they would otherwise be.
  3.  In Germany there appears to be a greater willingness to engage with and approve technical solutions to assist with determining a person’s age while at the same time remaining respectful of the individual’s privacy.
  4. Age is an obvious and important reference point, but what matters is whether or not children are actually using a service,  irrespective of whether or not the service is intended for them.


Posted in Age verification, Child abuse images, Consent, Default settings, Internet governance, Privacy, Regulation, Self-regulation

President Trump gets it wrong

So it wasn’t an empty threat.  President Trump did it. He signed an Executive Order which, in essence, seeks to change the law on platform immunity, as conferred by s.230, Communications Decency Act 1996.

It is doubtful the Executive Order will withstand a legal challenge. There is not only the obvious 1st Amendment point, the fact is Trump is trying to change the substantive law by fiat. Congress has to be involved in any alterations to substantive laws of this kind. By the time they got around to it, if they ever did, the Congressional and Presidential elections would be over and who knows where things will be? Not me.

I am not going to waste words on stating the obvious about the President of the United States. Let’s just say I am sure I will not be alone in finding the speed with which he moved on this topic was in such marked contrast to his lethargic approach on a broad range of issues concerning children’s rights and children’s safety on the internet that, well, words don’t fail me but what’s the point?

There is a great deal that is wrong with s 230. It does need amending but the crudely political and partisan way the President has engaged with the topic means in the weeks ahead there is going to be a great deal of sound and fury which will signify nothing much of consequence. The dust needs to settle before it is clear how, if at all, the children’s lobby can best intervene.

I have no problem with social media platforms maintaining their immunity providing they can demonstrate that, mindful of the available technology, they took all reasonable and proportionate steps to eliminate or reduce breaches of their terms and conditions of service, in particular in respect of behaviour harmful to children, and doubly so where that behaviour is anyway illegal.

On the question of responsibility for fact-checking and truthfulness, children’s groups do have a dog in that fight. We all want children to grow up aware of the importance of basing their judgements and actions on accurate information in respect of events or matters which impact on their own and other people’s lives.

Given the huge dominance of the internet as a source of information, perhaps particularly in the lives of young people, allowing or being indifferent towards algorithmic pulls towards sensationalised, distorted rubbish or downright lies cannot be a good starting point. Internet companies have built these systems which reach into all our lives. They cannot now turn their backs on what follows on from that.

How you solve this problem is not easy or obvious but I absolutely do not think it is acceptable for a company to argue that just because someone claims to be a politician they can say whatever they like on their platform. “All it needs for evil to triumph is for good people to do nothing” (Edmund Burke).

Posted in Facebook, Google, Internet governance, Privacy, Regulation, Self-regulation

Good but nowhere near good enough

Last Thursday Facebook made an announcement about its plans for Messenger. In truth the substance of the announcement concerned great stuff I thought they were already doing, at least on their main Facebook platform, so discovering they were now going to do the same on Messenger was a little underwhelming.

But first, if you click on the link to the announcement you will see it is headed

“Preventing Unwanted Contacts and Scams in Messenger”. 

So we’re clear, this is not about the content of messages in Messenger, at least not insofar as it relates to known illegal images of child sex abuse, the sort that have previously been picked up by PhotoDNA.

Then we see these important words

“As we move to end-to-end encryption, we are investing in privacy-preserving tools….. to keep people safe without accessing message content.”

This bears out two things: it ain’t about content, illegal or otherwise, and they are going ahead with it.

Their mind is made up. They know exactly what they are doing and why they are doing it. The only Damascene moment they are likely to experience will have been the result of legislative action or the threat of it in a jurisdiction which is important to their business.

Don’t get me wrong.  As I suggested earlier, the measures they are proposing are welcome. However, even Alex Stamos, former Chief Security Officer for Facebook, could only bring himself to say it was a “good start”.  Maybe he is as underwhelmed as I am.

Analysing metadata

The software tools Facebook say they will be deploying in Messenger will analyse metadata to pick out dodgy patterns. Once detected, an alert will be triggered on the end user’s screen and maybe there will also be an intervention by the company itself.  But what these tools will not do is spot known illegal content being exchanged between users.

Facebook must find a way to convince us

Facebook must find a way to convince independent and respected experts that its move to encrypt Messenger has not worsened the lives of children who have suffered the tragedy of being sexually abused while a camera was trained on them. If Facebook cannot do that I really don’t know where it is going to leave the company’s reputation. And I don’t mean just with people like me.

Finally, be aware, dear readers, some of the members of the Silicon Valley chapter of the Sons of Anarchy are working on ways to encrypt metadata. Can you see where this is going? Can you see the next pressure point?  When other messaging services announce they are encrypting users’ metadata, rendering it unreadable, how will Facebook react?

What this highlights and reminds us is Facebook is really a victim of its previous policy of transparency and US laws on reporting. To that extent it is “unfair” to single them out or pick on them. There is a larger and wider issue to be faced about how modern societies tackle the emergence of strong encryption.  And we need to be emphatic about that. It is a societal issue, not a technological one individuals or companies can decide for themselves.

If there has been a rise in the demand for encrypted services it has been caused by the previous bad behaviour of companies like, er, Facebook. Surveillance capitalism did not drop from the skies, but when it got here it was compounded by the bad behaviour of certain Governments, as Snowden reminds us. However, we cannot let the previous bad form of Governments and companies create an insoluble problem for the rest of us.

Posted in Child abuse images, E-commerce, Facebook, Privacy, Regulation, Self-regulation

Anonymity and privacy in the time of encryption

“What’s in a name?” is a recent publication from Demos (full disclosure: many moons ago I was a founding trustee of Demos but I haven’t had much contact with them of late).

The Demos authors did a great job describing the conceptual differences between privacy, anonymity and encryption. They also acknowledged the interconnectedness of these ideas. However, they then decided to press ahead with a discussion about anonymity without really engaging with that interconnectedness in any depth. That was a grave error.

It wasn’t the only problem. Here is a sentence from the summary that makes no sense.

“We examine two identity systems – those of the Government Digital Service’s ‘Verify’ program and Facebook.”

I went through the Verify process recently. Quite a palaver.  It took several days although, to be fair, that could have been due to a lockdown-related surge in demand. Whatever the explanation, it was impressive and thorough.

You can create a phoney email address in seconds then proceed to open an account with Facebook. You could “borrow” someone’s mobile phone for a few minutes or use a burner and you’re in.

Back in 2013 Facebook acknowledged it was “powerless” to stop under age users from joining their platform. Data suggested more than a third of 9-12 year olds in the UK had a profile with them despite the specified minimum age being 13. Globally for the same demographic it was thought the proportion was around 25%.

In the intervening 7 years while Facebook has declined in popularity with that cohort another Facebook owned brand, Instagram,  has taken over and the proportion of under 13s  on it is thought to be higher. How can anything which allows that to happen be  dignified by describing it as an “identity system”?

Facebook collects usage data to sell targeted ads based on behaviourally driven algorithms. It’s not complicated. The fact that you can use your Facebook login to connect with other online services and these other services accept that as a “credential” is absurd.  Lies built on lies again hardly qualifies as an “identity system”, much less one which can produce any kind of anonymity worthy of the name.

Liberal Democracies

Another major problem arises when the authors speak about “liberal democracies” as if these could be addressed as a distinct group of nations that can be held to uncontested  standards unique to “liberal democracies”.

Just read the “Declaration of the Independence of Cyberspace” Remember the kind of thinking reflected there remains widespread in and around Silicon Valley, including among the highest levels of leadership of Big Tech as well as their acolytes and wannabes. External pressures, let’s call them “defeats”, might cause them to have to give ground from time to time but the underlying values, outlook and orientation remain.

The Declaration makes no distinction between “liberal democracies” or any other kind of government. It does, however, chime neatly with Ronald Reagan’s famous quote from ten years before the Declaration appeared. In 1986 he said

“The nine most dangerous words in the English language are ‘I’m from the Government, and I’m here to help’ “. I imagine when Reagan said that he was speaking about the Federal Government of the USA not the Politburo of the Soviet Communist Party.

Big Tech is a world  inhabited by people who think the absence of restraint means the same as “freedom” or “liberty”.   It is a world where “permissionless innovation” has the status of a deity guarded by a priesthood who take their job seriously. However, the only recognisable religion these notions really fit with is buccaneering free market economics.

It’s quite a marketing trick to make your business’s financial interests appear to be synonymous with intoxicating words like “freedom” and “liberty”. If they buy it, and many do, you neatly recruit free speech and free expression advocates as your infantry, sometimes without even having to hand them a dime but there’s lots of dimes available if needed to bolster their forward march or rearguard actions.

The democratic stakes

According to The Economist Intelligence Unit’s 2019 Democracy Index, the UK ranks 14th in the world democracy stakes. We are classed as a “Full Democracy.” The problem is a great many of the  “Declarationists” would laugh at the faintest hint of the UK being thought of as a “full democracy”. Alternatively they wouldn’t care whether it is or not. These dudes live according to their own lights. Because they can.

The ideologically driven exponents of tech freedom and liberty, as well as the money driven ones, might grudgingly admit there were some differences between Oslo (No.1) and Pyongyang (164th) but would not allow these  much if any relevance in a discussion about policy for the internet because all governments are evil or tend towards evil. If they aren’t evil today they could be, probably will be, tomorrow.

So  they go ahead and use strong encryption.  They seek to popularise it and spread it around as much as possible. The Rule of Law is a cute idea but only if the laws and the way they are administered meet with the approval of the priesthood.  See above.

Against this background, discussing how one might remain  un-named  when commenting on the Government’s  latest blunder seems …… I was going to write “trivial”, but it’s not. The ability to be anonymous sometimes can be important. Yet somehow being anonymous in a toxic sea seems a lot less important than some would make it out to be.

Do we need  a cyber equivalent of car number plates? Or something else?


Posted in Default settings, Internet governance, Regulation, Self-regulation, Uncategorized | Tagged