Banned article: The perfect storm in digital law

Estimated reading time: 10 minutes

This piece was originally published on 21 December 2015 in A List Apart, with the incredible editorial support of Lisa Maria Martin, and an illustration by Ping Zhu.

“So well written and absolutely ties into “Professionalizing the web industry” is exactly the point!” – Molly Holzschlag

“I could see a revolution happening if it keeps going this way. Your alistapart article opened my eyes how bad it’s really getting” – Luke Watts

On 18 March 2016 A List Apart deleted the piece without warning or consultation. I was informed of this in a cold four-sentence email from Jeffrey Zeldman with no explanation at 4 PM on a Friday. I had to beg him for a explanation of why. I was eventually and rather resentfully informed that the decision had been made on the grounds that “an article taking a somewhat contentious stand on a thorny and controversial topic of EU and international law is frankly beyond our ability to support.” He also made several allegations about my professional integrity and my motivations in writing the article with no right of response.

It begs the very obvious question of why A List Apart approached me, commissioned me to write a deliberately provocative article, had me as a guest on Jeffrey’s podcast, spent two months supporting me throughout the rigorous editing process,  and then kept the piece published for three months only to expunge all mention of it with no notice. Why does a publication that successful need to engage in the callous act of building people up to tear them down?

In deleting the article, A List Apart also deleted the vital and healthy debate about it which ensued in the comments section. I’m so sorry to everyone who felt inspired to comment, both positively and negatively, as I deeply valued your feedback and opinions as well as your time. Your thoughts, to me, were the most important part of the work. (Edit: thanks Michael Fienen for finding them on Archive. Much appreciated.)

It’s been said that you know you are making an impact when someone tries to stop you. So here it is, the topic that is apparently too dangerous to discuss: the future of the web profession itself.

Illustration by Ping Zhu

It has been a very strange year to be a digital law specialist. In a matter of months we have seen “experts,” courts, and politicians suggest that website administrators should get rid of comments, social sharing, analytics, links, and shopping carts, all as a means of coming into compliance with European legislation. Even pro-European developers are at their wits’ end dealing with the deluge of uninformed advice about how their websites are apparently supposed to work.

The response of web professionals outside the European Union to 2015’s legal developments has been, quite understandably, “Well, I’m not in the EU, so these laws don’t apply to me, right?” To their surprise, legislators have been clear in their expectation that any website in the world accessed by any European citizen must comply with European digital laws. In response, developers worldwide have had to invest countless unpaid hours and resources into understanding their compliance obligations, despite much of the guidance being incorrect, outdated, or even incomplete.

These digital laws, of course, are only as good as the work that has gone into them. That work has clearly left much to be desired. To create better digital laws, legislators need to be able to work with experienced industry professionals who possess both technical expertise and political savvy. If only they could.

Nearly twenty years into our craft’s existence there is, in the literal sense, no such thing as the web profession. We have never professionalized. We lack any form of centralized, cross-platform, and cross-industry organization. There is no Royal College of Web Designers, American Web Developers Association, or Chartered Institute of Programmers. There is no one we pay dues to, no association we belong to, and no union to fight our corner. No common organization protects Ruby coders, content writers, and Drupal developers. We do not have lobbyists, government liaison officers, or rapporteurs. No one is employed to make our voice heard in the policy sphere—and this is a problem.

To date, conversations within the profession about industry organization have revolved around the issues of accreditation and certification. The political aspects of professional organization have never entered the picture. For what groups do exist, a search for “web design and development organizations” reveals pay-per-inclusion directories and outdated sites offering outdated courses. These “organizations” are little more than moneyspinners preying on vulnerable entrants to the profession, and proof that in the absence of a genuine association, anyone can buy a domain calling themselves one.

A true organization aspires to what governments call consultative status: recognition of a professional body as the authentic voice of its industry. Consultative status conveys authority to industry professionals in the eyes of governments. Organized industries working within this model have political offices in their national capitals, are funded by their members, provide expertise born of practical experience, and review draft legislation pertaining to their field. It’s a model that has worked for centuries for older, wiser, and more organized professions.

There is, however, a catch: the consultative model of government legislation does not work when there is no industry body to consult with. That’s why the web profession, through its own decisions, has neither consultative status nor the resources to provide it.

The gathering storm

On a policy level, the fierce individuality characterizing the web profession has meant that we have chosen not to have a voice. That lack of organization has left us unable to address a range of existing problems that have recently combined to create a “perfect storm” in digital law. That storm now threatens to engulf the web profession.

Ivory towers

Some digital laws do indeed make the web a better place, and there are even politicians who can code to a competent level. Unfortunately, they are few and far between. Too many of the laws impacting our craft are what internet law professor James Grimmelmann dubbed “unhelpful interventions”:

Unhelpful interventions fail because they fail to engage with key aspects of how and why people use [the internet]… The key principle is to understand the social dynamics of technology use, and tailor policy interventions to fit. When an intervention keeps users from doing what they want to, they fight back. Helpful interventions, on the other hand, succeed because they do engage with these social dynamics.

“Unhelpful interventions,” as we are all painfully aware, are regulations drawn up on paper by politicians who not only never touch a computer, but are openly proud of that fact. These politicians then rely on the opinions of academics who have credentials, but no technical experience. (Indeed, a professor retorting Grimmelmann’s work expressed bewilderment that he actually used the technology he was writing about. Academics, after all, are supposed to live in an ivory tower.) When policies about code are drawn up inside a theoretical vacuum, what results are counterproductive digital laws—like VATMOSS, the EU Cookie Law, and, after Paris, the renewed legislative assault on encryption—grounded in a defiant rejection of how people actually use the web.

Of course, no one is saying that the makers of the web should be exempt from compliance with digital laws, helpful or otherwise. Indeed, greater legal understanding is desperately needed within our industry. The problem is that these obligations are not only global, but carry frightening levels of legal liability. In a single day, a developer may have to code in compliance with European privacy law, Japanese VAT, and Spain’s “Google Tax.” Good luck explaining that to your professional indemnity insurance provider. Add those obligations to the fact that some digital laws directly conflict with each other—at times, within a single web page—and what results is having to make a personal judgment on which laws to break and which laws to comply with. When digital professionals are put in that position, as you inevitably will be, there is no industry body to call on for support.

Endless committees

An added complication in digital law is the glacial process of internet regulation. Laws governing code can take six, eight, or even ten years to travel from proposal to implementation. Web development works a bit faster than that.

Accessibility laws are a classic example. In the United States, the Section 508 refresh—the update of the law regulating accessibility standards in Federal government websites—has been in progress since 2006. The refreshed standard may be published in 2016 for implementation in 2018. Until then, developers working for the federal government are required to retrofit their work to a pre-WCAG desktop standard from 1998. In the EU, a comparable law mandating accessibility in public sector websites has been languishing in committees since 2012. The only progress made since 2014 has been a four-page committee report (PDF) and yet another draft (PDF).

Government legislation must be thorough, deliberate, and measured. Indeed, legislation regarding the internet that is pushed through quickly—like attempts at mass digital surveillance—is rarely good news. However, digital laws are ultimately documents. It should not take longer to create and ship a document than it takes to create and ship the Olympics. Yet it does.

When an industry working at light speed meets a political process working at committee speed, what results is a surreal state of play where professionals are required to comply with digital regulations that are already outdated by the time they become law. Web professionals are also obliged to wait years for promised reforms, and ensuing changes to their workflows, that never materialize. Without an organisation to act through, liaising with governments becomes a matter of individual effort, which inevitably results in frustration, burnout, and contempt. In the absence of support, the absurd pace of the political process repels the very people who need to be the most involved.

Now it’s personal

Perhaps the most disturbing damage caused by our lack of professional organization has been the slandering of web professionals for offering informed challenges to uninformed laws. Unaffiliated individuals, after all, are easy targets.

For example, ecommerce developers who were not informed about the poorly communicated VATMOSS reforms have been labelled “unprofessional”; a web-savvy EU politician trying to modernize copyright law was accused of being an agent provocateur in an American conspiracy bankrolled by Facebook and Wikipedia; and I have been called a “useful idiot” and “anti-privacy” for speaking up about the problems with the EU Cookie Law, and was monitored on a Twitter list called “underhand people” by a compliance software vendor (curious behavior for a privacy advocate).

Personal attacks on web professionals are even being deployed as a political tactic. Campaigners on VATMOSS have written extensive briefings on the ensuing web development issues involving shopping carts, geolocation data, and IP spoofing. Rather than address those concerns, bureaucrats adhere to talking points insisting that the outcry amounts to a few British moaners complaining about the lack of a VAT threshold. Informed professionals who actually understand the technologies at hand are being openly disparaged by uninformed policymakers, and no one has their back.

Unsafe harbors

The final element in this perfect storm is differing cultural expectations about the role of digital laws. The United States, says the stereotype, sees Europe’s digital laws as anti-business, anti-free speech, and pro-regulation. The EU, in turn, sees the United States’ digital laws as anti-privacy, reckless, and dictated by corporate interests.

While neither stereotype was ever really accurate, the Safe Harbor verdict in October formalized that difference of opinion into law. The ruling (PDF) by the European Court of Justice, which examined the Safe Harbor agreement by the United States to respect European data protection standards, found that the 15-year-old document—in light of the Snowden revelations—was no longer worth the paper it was printed on.

The two systems have reached a stalemate. Europe is demanding that the US tech industry respect European traditions of data protection and privacy, while exasperated US companies reply that they are powerless to change the source of the problem—mass surveillance—and that they, too, are victims of it. While the two sides bicker, the makers of the web have been left to fathom the implications for our work in a world where the most fundamental agreement in digital law has been torn up.

The web we have always known is now at risk of becoming the “splinternet,” a web divided along political and ideological lines. International walls are being built across a web that was meant to be borderless. Some of the walls are actually physical. Sadly, there are those who would gladly build them. That was the case with a French politician who claimed that American services like Facebook and Soundcloud were harming European creators and wanted to restrict their activities in Europe by law. Digital professionals in Europe were briefly at risk of losing their US-based tools out of politicians’ bitterness and jealousy.

Meanwhile, in America, the US Department of Commerce, which administers the Safe Harbor agreement, has responded to the verdict declaring it invalid by…completely ignoring it. On their website, they proudly announce that they are continuing to administer the program as usual. I can’t decide whether their determination to continue running an invalidated program is tragic or comic. Whatever it is, their stance is the digital law equivalent of sticking your fingers in your ears and singing “LA LA LA CAN’T HEAR YOU!”

Spite is never a healthy basis for policy, but at the moment, digital laws are in the hands of some rather dysfunctional individuals who are determined to take their balls and go home. No one is standing in their way.

We are the problem

This, then, is the perfect storm over our heads. The foundations on which we have built the web are being torn apart; the international matrix of compliance obligations grows more complex by the month; those who speak up are being attacked; and our everyday tools have become political footballs.

What can we do about it? In order to weather the storm, we must move past our tribal mentality and literally professionalize. We must redefine our craft as a profession, and that means acting like one: having organizations, industry bodies, and political representation.

Our craft is lateral: we educate each other through informal channels, communities, and social media. Governments, however, are vertical: they distribute information downward through authority organizations. This mismatch in communication means unnecessary hassle on both sides: for web professionals, it means learning about digital laws and compliance obligations by chance on social media. For implementing bureaucracies, it means being bombarded with complaints from individuals who, as far as they are concerned, had their chance to contribute to the process in a formal consultation held years ago. That passive-aggressive cycle is every bit as dysfunctional as the laws themselves.

We cannot expect governments to deviate from the consultative model that works for every other industry in the world to accommodate our personality quirks. Whether we like it or not, we have to start playing their game by their rules. The fact is that governments do ask and they do consult. We have simply chosen not to show up for the talks.

Unifying as a professional industry gets results. Earlier this year, a frightening UK draft internet surveillance bill was temporarily defeated thanks to the intervention of digital rights groups and tech-savvy politicians. One of the grounds that led to its defeat was the fact that the relevant industry body—in this case, the Internet Service Providers’ Association—had not been consulted on the draft law. In the scariest of political circumstances, the answer really was as simple as that. Where an industry body with professional standing exists, and that body has not been consulted on a law, the law is not legitimate. But where no industry body with professional standing exists to offer informed challenges to a law, it’s not the law that lacks in legitimacy.

Divided we fall

In the 1990s, researcher Alan Ryan wrote that “the internet is good at reassuring people that they are not alone, and not much good at creating a political community out of the fragmented people that we have become.” He might have been talking about us today. We have invented everything but a political community. We have no excuse for that.

Our lack of a voice in digital law is no one’s fault but our own. We refuse to look past our personal differences, we do not show up for the political process regulating our own work, we squander our energies firefighting unhelpful interventions, and we disparage the legislators who made them—and they disparage us right back. If it seems as though politicians don’t take the web profession seriously, it’s because we have given them absolutely no reason to believe otherwise.

This year the most crucial elements of the web were placed under legislative threat. Those threats are already returning, and to fight them, we need to change tactics—and fast. That perfect storm is over us, right here, right now. Until we unify, organize, and act, we are standing in it by choice.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.