Decyphering The Online Safety Bill / Internet Safety Act
It would be embarrassing, if it wasn’t so damn deserving of public shame and ridicule
As I mentioned in my last article, I have been somewhere lost deep down the rabbit hole of the UK’s Online Safety Bill – the version that is to be given Royal assent and enacted as the Internet Safety Act 2023.
What follows is just an interim off-the-cuff reaction on my first brief thumb through the entire soporific door-stop.
First, speaking as someone with almost two decades in IT/ICT – first as a senior systems engineer building server rooms and data platforms, and later as a solution and infrastructure architect designing and implementing everything from large virtualisation platforms when they became a thing, and even entire datacentres, I can say this:
Either the politicians who wrote the Online Safety Bill were being deliberately obtuse and vague in order to build a law that could trap almost anyone for almost anything online, or they really are as technologically illiterate as some commentators said back in 2021.
Even when measured against the best that legislating and lawmaking has to offer, the Online Safety Bill is an exceedingly verbose, repetitive waste of over 300 pages and in many sections, a great way to say nothing at all.
In fact, if only the politicians listened to all the highly knowledgable technologists like me who for two years have been telling them they were barking up a squirrel-less tree, or even the pleading encouragement of singer Ronan Keating, I could have done something far more interesting with my week.
Online Harms / Safety Laws
The UK’s Online Safety Bill (OSB) was first published in draft form during the Covid-19 pandemic in May 2021. The OSB appears to have been targeted as a blunt instrument against what were considered to be the issues of the day 1.
It is a long and torturous document consisting of eleven parts encapsulated in over three-hundred pages that have received more than a hundred major and minor amendments in just the last six months.
The OSB is seemingly predicated on parliament’s belief that in spite of the last 15-20 years (and perhaps because of it), we are all too naïve and psychologically fragile to be allowed unrestricted access to the internet and all interactions with the online world should be monitored, controlled and censored by the government working in conjunction with big tech companies.
This monitoring would occur on even innocuous communications where we might simply be messaging a friend to set up a meeting or saying happy birthday to a loved one. Parliament claim the OSB’s purpose is to make use of the internet safer for all individuals 2.
Meanwhile, we can only infer that a safer internet simply means what remains after operation of the Bill, because the Bill itself never actually provides concrete definitions for many terms – leaving big tech, police and courts to infer what might constitute a safe internet or the quantum for nebulous harms that providers are required to protect us from.
There are three key areas where the UK’s OSB has significant potential to negatively impact the safety of every internet user in the UK:
First, the OSB introduces new rules for age gating on the internet that could see many more people being targeted by phishing attacks and becoming victims of identity theft. The OSB provides that age verification or estimation must be highly effective at correctly determining if the user is a child 3.
For most web services the current process of having a click box for the user to agree to the statement I am over 18 will no longer be sufficient. Under the OSB, a platform or service provider is only allowed to conclude that children cannot access their service if they have age verification or estimation in place.
Websites will have to begin requiring users to provide age verification identification such as a copy of their drivers license or passport that will for repudiation will be verified using the previously established know your customer (KYC) checks.
However, it is only a matter of time before all manner of illegitimate and fraudulent websites also compel people landing on their sites to provide identification, except that in these cases the result will be a marked increase in identity fraud.
Second, in order to comply with the OSB, tech companies and solution providers will be required to embed backdoors or directly spy on the user’s device that is running any application or service that uses E2EE.
Where OFCOM issues a notice on solution providers such as Signal or WhatsApp under S.122 of the OSB, the provider will be required to start scanning your messages before they are sent to the receiving party.
Commentators like Talk TV’s Julia Hartley-Brewer point out that the OSB removes the balance that currently exists between keeping people safe from the minutely small number of child abusers and organised criminals, and the rights of the overwhelming majority of ordinary law abiding citizens to have conversations with their family and friends and buy groceries on the internet without the ever-present eye of Big Brother or The State telling us what websites we can access and what we can and cannot say 4.
Rather than maintaining the standard for targeted surveillance based on evidence or suspicion of criminality with judicial oversight, the OSB effectively mandates installation of a ‘bug’ on every citizen’s smartphone and computer to monitor everything we say and do.
It is inescapable that the impact of the OSB is seen by many as being entirely disproportionate to the harms and alleged criminality the government claim it is intended to protect us from.
Third, the OSB will usher in a new era of increased and unrestrained censorship.
Some sections of the OSB such as those on protecting content of democratic importance seem almost self-contradictory, with the only inference being that parliament intends to protect only their preferred side of any political debate.
For example, Section 17 calls both for protection of content of democratic importance that contributes to political debate, and for taking actions such as warning, suspending or banning individual users for production of content which they may legitimately intend as a contribution to the political debate – excepting that it expresses a contrasting point of view to that which the politicians of the day prefer.
Sections 17-19 could be read and potentially reframed as duties to protect against content of democratic dissent.
Section 20 is a provision that could be (ab)used by the easily offended, online trolls and vindictive persons to raise false or vexatious complaints of psychological harm regarding otherwise legal content so that platform owners and service providers are forced to take it down and potentially sanction the individual who created or posted the content.
This becomes even more difficult when platform and service providers are required to undertake risk assessment duties in order to establish response policies that must take into account the potentially unquantifiable risk and severity of potential harm 5.
What might be considered as harmful by one person might be just another day at the office for someone else 6. Similarly, what one parent may deem as harmful content for their child to be exposed to, another parent may consider as necessary educational material 7.
The OSB appears silent as to who, beyond the checklists and policies of the complaints support and risk assessment teams of the platform or service provider, and how we should efficiently and expeditiously evaluate these disagreements.
The OSB makes it easier and possibly even necessary to protect shareholders and content creators from criminal prosecution and financial liability by simply accepting every complaint on face value, and thus ensures we become an overly censorious civilisation headed towards Idiocracy 8.
It would also seem that deferring these matters to the courts will be expensive, time consuming and more alike swatting a fly with a sledgehammer.
How are users, platform and service providers, police and the courts meant to evaluate the true extent of any individual’s claim of psychological harm, especially when it can be made by the more easily offended, trolls and vexatious persons.
How are courts to weight their allegation of psychological harm against the normal civil reasonable person standard?
Many other issues exist in the OSB, including that it is wasteful in part because it calls on service providers to censor content that was already actively protected by other legislation, for example:
(i) discrimination or abuse of an individual based on their protected characteristics 9Â – which already enjoyed protection under, for example, the Equality Act 2010 and The Public Order Act 1986 10; and
(ii) promoting, encouraging or providing instructions for suicide 11Â which in the OSB carries 5 years imprisonment – but had for many years, irrespective of the media used to convey the culpable imputation, been a criminal offence carrying a maximum penalty of 14 years imprisonment under Section 2 of the Suicide Act 1961.
When:
- suicide rates rose by only 2.5/100,000 12Â population (0.000025 percent) during the 15 year period after the internet became ubiquitous in homes and schools (Memon et al, 2018);
- mainstream studies say websites like Instagram are only a factor in six percent of the rise in suicides attributed to the internet – so six percent of the 2.5/100,000 population, which is only 0.15/100,000 or 0.0000015 percent (Johnson, 2021);
- cyberbullying may only be a factor in around 1/9 suicides and cybersuicide pacts were only a feature in at most 24.7/100,000 (or 0.000247 percent) of all suicides (Luxton et al, 2012);
It is difficult to understand how UK politicians believe these repeated OSB provisions with less harsher punishments will have an appreciable effect on the unverifiable Hansard claim of 5,583 annual suicides 13.
In response to the OSB, many tech companies including WhatsApp and Signal have already indicated their intention to leave the UK market. However, it is unlikely that this would result in UK users being unable to use these apps because many tech savvy people will simply find a way around the OSB.
Just as Apple and jailbreakers have played a cat-and-mouse game for more than a decade, with Apple patching a bug that allowed an exploit to jailbreak a device and the jailbreakers simply finding another exploit and continuing unabated, it is entirely foreseeable that users of E2EE apps will simply download backdoor-less compiled, binary or source code versions from users in other jurisdictions and use them via VPNs.
If the histories of both PirateBay and China’s ongoing and often failing attempts to prevent citizens from accessing websites and using these apps has taught us anything, it is that on the internet almost nothing can or will ever be truly stopped.
That being so, we can only infer that the real reason much of the OSB exists can only be because the government wants to monitor, capture, censor and control what the broader non-tech savvy population sees and does on the internet.
References
Memon, A. M., Sharma, S. G., Mohite, S. S., & Jain, S. (2018). The role of online social networking on deliberate self-harm and suicidality in adolescents: A systematized review of literature. Indian journal of psychiatry, 60(4), 384.
Johnson, K. (2021). Instagram taking its toll on teen girls’ mental health: report. NBC Connecticut. Last accessed; 7 October, 2023. Sourced from: https://www.nbcconnecticut.com/news/local/instagram-taking-its-toll-on-teen-girls-mental-health-report/2582713/
Luxton, D. D., June, J. D., & Fairall, J. M. (2012). Social media and suicide: a public health perspective. American journal of public health, 102(S2), S195-S200.
See more here substack.com
Header image: Chipping Camden Online
Please Donate Below To Support Our Ongoing Work To Defend The Scientific Method
PRINCIPIA SCIENTIFIC INTERNATIONAL, legally registered in the UK as a company incorporated for charitable purposes. Head Office: 27 Old Gloucester Street, London WC1N 3AX.Â
Trackback from your site.
Greg Spinolae
| #
I have not the tiniest doubt that the sum total of “tech-savvy” on the combined benches in the Palace of Westminster is as close to zero as may be asymtotically possible. That OSB is, and is DESIGNED to be, the device enabling digital CASTRATION of the tech-illiterati, is is a GIFT to behold seeing our air-head lawmakers voting for their own irrelevance.
Reply
Howdy
| #
Hmm, I wouldn’t expect sysadmins to be that objective since they have a mindset. Whether one is an IT specialist, virtual server admin, or anything else, makes no impact. The reason is there for anybody to see.
The internet provides knowledge that people must not have access to. Anybody who used the internet for a decade or two surely knows that content of the past is gone. The wisest sites are gone, so I save them for future reference.
Searches of common words brings up a disproportionate result of music, video, and other dross – needle in a haystack.
Youtube for example is a quagmire of junk, hiding the gems.
“Just shut up and watch the pictures”. Simple as that.
Reply