The UK recently announced new internet regulations, and things only get more difficult from here
Following the arduous multiyear passage of the Online Safety
Act through the UK's lawmaking process, regulator Ofcom has published its first
guidelines for how tech firms can comply with the mammoth legislation. Its
proposal outlines how social media platforms, search engines, online and mobile
games, and pornography sites should deal with illegal content such as child
sexual abuse material (CSAM), terrorism content, and fraud.
Today's recommendations are being presented as
suggestions so that Ofcom may gather feedback before they are approved by the
UK Parliament at the end of next year. Even so, the specifics will be entirely
voluntary. Tech companies can ensure they're following the laws to the letter. Still, they can also take their own strategy as long as they demonstrate
compliance with the act's overall rules (and, presumably, are willing to battle
their case with Ofcom).
"What this does for the first time is put a duty of
care on tech firms to have a responsibility for the safety of their
users," Ofcom's online safety chief, Gill Whitehead, tells The Verge in an
interview. "When they become aware that there is illegal content on their
platform, they have got to get it down, and they also need to conduct risk
assessments to understand the specific risks that those services might
carry."
The goal is to require sites to be proactive in stopping the distribution of unlawful information rather than just playing whack-a-mole after the fact. According to Claire Wiseman, a lawyer who specializes in technology, media, telecoms, and data, the goal is to encourage a shift from a reactive to a more proactive approach.
According to Ofcom, some 100,000 services may be subject to
the broad guidelines, however, only the largest and most risky platforms will be
subject to the most stringent standards. These platforms should implement
measures such as not allowing strangers to send direct messages to children,
employing hash matching to detect and remove CSAM, retaining content and search
moderation teams, and providing mechanisms for users to report harmful
information, according to Ofcom.
Many of these procedures are currently followed by large
tech platforms, but Ofcom hopes to see them used more consistently. "We
think they represent best practice of what's out there, but it's not
necessarily applied across the board," Whitehead said. "Some firms
are applying it sporadically but not necessarily systematically, and so we
think there is a great benefit for a more wholesale, widespread adoption."
There is one notable exception:
the platform known as X (previously Twitter). The UK’s efforts with the
legislation far precede Elon Musk’s acquisition of Twitter, but it was passed
while he sacked big sections of its trust and safety teams and presided over a
relaxing of moderation rules, which might put X in conflict with regulators.
According to Ofcom's requirements, users should be able to easily block users –
but Musk has openly indicated his plan to eliminate X's block feature. He has
struggled with the EU over similar laws and is said to have considered leaving
the European market to escape them.
When asked if X had been cooperative in conversations with
Ofcom, Whitehead declined to comment but said the regulator had been
"generally encouraged" by the response from IT firms in general.
Other illegal damages covered by Ofcom's regulations include
content that encourages or helps suicide or serious self-harm, harassment,
revenge porn and other sexual exploitation, and the supply of drugs and
firearms. Search engines, for example, should include "crisis prevention
information" when users input suicide-related queries, and when
corporations change their recommendation algorithms, they should do risk
assessments to ensure that they are not amplifying illegal content. If users
feel a site is not following the guidelines, Whitehead says they will be able
to report directly to Ofcom. If a company is found to be in violation, Ofcom
has the authority to assess fines of up to £18 million (about $22 million) or
10% of global revenue, whichever is greater. Offending websites can even be
blocked in the United Kingdom.
Today's consultation addresses some of the least contentious
areas of the Online Safety Act, such as restricting the distribution of content
that was previously banned in the UK. As subsequent updates are released, Ofcom
will have to address more sensitive issues, such as legal but damaging content
for minors, underage access to pornography, and protections for women and
girls. Most contentiously, it will have to interpret a part that
critics argue may fundamentally weaken end-to-end encryption in messaging apps.
This particular section gives
Ofcom the authority to mandate that online platforms identify malicious code
using "accredited technology." However, digital rights organizations,
WhatsApp, and other encrypted messaging services claim that this monitoring
would necessitate breaching the encryption systems of the apps and compromising
user privacy. Whitehead said Ofcom will consult on this matter in the upcoming
year, so it's unclear how this will affect encrypted texting in its entirety.
Artificial intelligence is a different technology not discussed in today's session. However, it doesn't imply content created
by AI won't be subject to the guidelines. According to Whitehead, the Online
Safety Act aims to address online damages in a "technology-neutral"
manner, regardless of how they were caused. Hence, a deepfake used to commit fraud
would be in scope due to the fraud itself, while AI-generated CSAM would be in
scope simply because it is CSAM. Whitehead asserts, "We're regulating the
context, not the technology."
While Ofcom says it’s trying to take a collaborative,
proportionate approach to the Online Safety Act, its rules could still prove
onerous for sites that aren’t tech juggernauts. BBC
News notes that Ofcom’s initial set of guidance is over
1,500 pages long. The Wikimedia Foundation, the nonprofit behind Wikipedia,
tells The Verge that it’s proving increasingly challenging to comply
with different regulatory regimes across the world, even if it supports the
idea of regulation in general. “We are already struggling with our capacity to
comply with the [EU’s] Digital Services Act,” the Wikimedia Foundation’s VP for
global advocacy, Rebecca MacKinnon, says, pointing out that the nonprofit has
just a handful of lawyers dedicated to the EU regulations compared to the
legions that companies like Meta and Google can dedicate.
As a platform, we acknowledge
our obligations, but as MacKinnon puts it, "It's problematic when you're a
nonprofit and every hour of work is zero-sum."
According to Ofcom's Whitehead, the Digital Services Act and
the Online Safety Act are more like "regulatory cousins" than
"identical twins," meaning more work is involved in complying with
both. She points to Ofcom's efforts to establish a global network of internet
safety regulators as evidence of the regulator's efforts to facilitate
cross-border operations.
Enacting the Internet Safety Act amid a
contentious period in British politics was challenging enough. Perhaps the real
difficulties are just getting started, though, as Ofcom starts to fill in the
details.
0 Comments