A quick take on three pretty terrifying changes to the Online Safety Bill


Estimated reading time: 7 minutes
Category: UK policy
Photo of a barbed wire fence © Tomas Castelazo, www.tomascastelazo.com / Wikimedia Commons

Yesterday the second draft of the Online Safety Bill was released, along with several hundreds of pages of explanatory notes and memoranda. It’s well over 500 pages of legalese to sift through, and I’ve not finished it all yet, and the analysis I’m doing for my work team (hi guys!) takes first priority.

That being said, I wanted to jot down some quick takes on three aspects of the Bill which you need to know, in the sense that you will not be able to sleep tonight once you know them.

Longtime readers will be aware that I’ve now been dealing with this Bill for three years in various professional capacities, and that I’ve penned a lot of words on it prior to this which I’ll be cross-referencing throughout. If you don’t want to spend your weekend reading legalese like me, you can have a deep dive through that.

If you’re keen for a legal deep dive right now, Matthew Lesh, who is a good egg, gave it a great read yesterday. If you want to read all 500 pages for yourself, please don’t. It’s Friday.

1. The Tories have lost their minds and I’m not even kidding

In the five and a half years since the referendum, the question of what the UK’s political intentions were for digital regulation in the post-EU era has shifted from a pub debate for techlaw geeks in the Cameron years, to a playful inquiry for my now-retired side blog in the May years, to UK gov’s promotional flag-shagging in the Johnson era, and latterly, to decisions wrapped in the slogan of “making the UK the safest place in the world to be online” which could only point towards an intention to wall off the UK splinternet.

Yesterday, though, the Tories went all-in on a display of bona fide lunacy.

In a social video to annonuce the publication of the draft Bill, the Minister for Digital – yes, her – boasted that “We’re leading the world in setting the standards for a better, safer internet for everyone.”

(Web standards geeks, the IETF, and the W3C were last seen rocking back and forth in a corner.)

The boasts about being a “world-leading” plan have been inherent to the Bill since the green paper phase, and are an open joke in policy circles. But watching the social video she posted is the moment you had to stop laughing about it.

Because against an image of a waving Union Jack, the narrator declared

“The World Wide Web was invented by a Brit.”

(Preserved that clip for posterity)

And in that chilling moment, government’s obsession with being “world-leading” – combined with their whingeing narrative of victimhood which defined their other PR ahead of the Bill, as they played buzzword bingo with SiliconValleyWokeryNickCleggBigTech, became crystal clear.

Becuase in that moment, we realised that the UK government doesn’t just want to splinter off the British internet to “make it the safest place in the world to be online.” They’re way more around the bend than that.

Because somehow, in the year of our lord 2022, the UK government has got it into their heads that the world wide web was a British invention that was <Gollum>stolen from them</Gollum> by SiliconValleyWokeryNickCleggBigTech, and they want their precious back.

Somehow, the UK government has decided that through the magic of “world-leading” legislation, they can put the internet back in the box, claw the web back to 1989, stick a British flag on it, set it up by British rules and British standards, and fix it to be perfect in a very British way; and the rest of the world will fall to their knees in gratitude at the benevolent return of their white colonial masters.

Politics is the art of give-and-take, of negotiating, of the art of diplomacy and finding the best way forward for everyone. History teaches us that you can’t negotiate when you’re locked in a bunker, or an oval-shaped office, raving about the things that you think people have stolen from you.

So, I suppose the UK can claim one early success on this Bill. Because government’s intention to re-nationalise the web as a British invention, and to claim the moral right to reshape its rules and standards based on the birth origin of one man thirty years ago –

in other words, an attempt to weave a pseudo-patriotic mythology to support a political objective –

does indeed put the UK in a “world-leading” category.

World-leading lunatics.

(Incidentally, I don’t know if that particular Brit, who invented the WWW while working on an international project in Switzerland, using largely American technology, and inspired by an Argentine writer, and who has since helped to create a Foundation that works to keep his invention universal and free from government interference, was consulted about DCMS’s PR campaign in advance, or if he has given his consent to the UK government’s attempt to patriotically re-nationalise the internet on his back.

I’m guessing not.)

2. The end of intermediary liability and the introduction of a general monitoring obligation

I regret to inform you that this grand post-European legislative experiment has landed us exactly there, and that the “you’re joking, right” scenario we were able to casually chat about merely a year ago is now real life.

The draft Bill’s explanatory notes provide an ominous reminder (see page 12) that

Article 15 of the eCD also contained a prohibition on the imposition of requirements on service providers to generally monitor content they transmit or store, or to actively seek facts or circumstances indicating illegal activity. […] there is no longer a legal obligation on the United Kingdom to legislate in line with the provisions of the eCD following the end of the transition period on 31 December 2020.

Having swept 25 years of intermediary liability into the bin, the draft Bill text then goes on to establish a general monitoring obligation for both illegal content and legal content, which of course, means anything conveniently stuffed into the rubric of “children’s safety”.

In a sane world not rent asunder by war and plague, this would be the biggest story there is.

Because the UK is, indeed, taking the “world-leading” stance – not duplicated by any other western nation – of requiring any business or organisation whose online presence could possibly be accessed in the UK to proactively monitor and scan for legal content.

That means you and your business and your project, not just the five or six companies the people who cooked up this law think the Internet is.

This hits everyone and everything.

I want to give you good news here, I want to give you something productive, I want to give you something constructive to work with and take to your elected representatives.

But I keep hearkening back to all the discussions I’ve had, in the various capacities I’ve worked in, in the three years this Bill has eaten up my life, with tech people. Not big tech, not corporate lobbyists, not EvilCorp, just real people working in startups or small businesses or open source projects. Independently of each other, all of them have said the same thing: the UK is not worth it.

They are all focusing on the EU market, its half a billion consumers, and the compliance obligations of the DSA. Those obligations, as onerous as they are, rest within a framework which respects and safeguards the rights to freedom of expression and privacy, as opposed to the UK’s steady progress on stripping away those rights and imposing a requirement, on them, as the operators of services, to invade them.

If it comes to it, these people have told me, they will block UK users, and end their services here, rather than deal with UK gov’s Orwell shit.

I can’t blame them for that. Could you?

But. That’s not even the half of it, because what we learned in yesterday’s draft Bill release actually gets worse. It’s not just that you will have a general monitoring obligation over the British population and their presumed deviant criminality. You are going to be required to scan for that content, in a very specific way, to make very specific people very rich.

3. Making it rain for British Safety Tech

Scroll up and read the extract from the draft Bill which Graham has shared again, which discusses “proactive monitoring by use of technology.”

This of course refers to the aspirationally lucrative domestic stalkerware and surveillance industry, which UK gov has enthusiastically promoted as a Great British Tech Industry in the aftermath of the post-Brexit tech brain drain. These are the applications which monitor you, and your children, and what you’re saying, and how you’re saying it, and who you’re talking to, and what you’re looking at, in the guise of “keeping you safe.” Their existence is the culmination of Theresa May’s vision – the Online Safety Bill was born in her government, after all – to repurpose the UK tech sector, after Brexit, for domestic surveillance and control.

And verily, they were fruitful and multiplied.

And these companies are British, and they fly British flags, which means that DCMS and UK gov have spent several years creaming themselves to give the sector and their lobbyists anything they want. Free publicity, a whole DCMS department dedicated to promoting them, an erosion of the pesky privacy and cybersecurity regulations which prevent them from being able to directly intercept the content on your phones and surveil your interactions – and yes, those legal moves are happening too, separate from the Online Safety Bill but very much to support them.

What this means for you is that not only will you be required to proactively monitor everything your users say and do, you’ll be expected to use specific forms of technology, and applications, and services, and oh wow what a surprise, DCMS has a list of businesses you can contract with for all your privatised surveillance obligations.

Make no mistake, you will be expected to contract with these services, and spend a lot of money on them, as the cost of doing business in the UK, no matter who you are or where you are or what service you provide. If you don’t, you are in violation of your duty of care to children – the children! – and you can have your service shut down.

Because, folks, we are ruled by hypocrites. Four legs bad. Two legs good. Surveillance and monitoring of your conduct and content by Silicon Valley is bad. Surveillance and monitoring of your conduct and content by British Tech is good. Corporate lobbying by Big Tech who want laws shaped around their privacy-invasive business models is bad. Corporate lobbying by British tech who want laws shaped around their privacy-invasive business models is good. Four legs good. Two legs bad.

Spare a thought for the children – the alleged targets of this Bill, but in this light, hardly so – whose rights to privacy and freedom of expression, and the right to grow up and shape their own worldviews outside privatised parental, corporate, and government surveillance, are being thrown in the bin here too, because the kind of corporate lobbyists that this government approves of want to make it fucking rain.

More to come next week. The sun is shining on my garden.

Header image: © Tomas Castelazo, www.tomascastelazo.com / Wikimedia Commons

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.

6 Comments

  1. Russ says

    Is there anything in the bill on the actual mechanisms envisaged for age verification? Maybe I have missed something, but all I can see are a number of instances of ‘…for example, by age verification’. Given the age verification measure collapsed and was dropped in 2018/9, why has it re-appeared now? What is new, now, compared to a few years ago?

    Or has the Government accepted that age verification really isn’t going to work in a serious way, and has merely included the ‘…for example, by age verification’ phrase as a partial conciliation to satisfy the third-party age verification industry. I can’t help thinking the ‘for example’ part of the phrase is significant, but how?

    • I wrote about that here in my previous professional capacity:
      https://www.openrightsgroup.org/blog/age-verification-in-the-online-safety-bill/
      by my quick skim – e.g. don’t hold me to this – that has not changed in the second version of the Bill released yesterday.
      In other words, mandatory age verification is brought in sideways not necessarily to protect children from any given subjective and non-adult content, but as a requirement that service providers will need to meet to achieve their compliance obligations. No age verification = noncompliance.

  2. Russ says

    Thanks for that articulation, but the situation is even madder than I feared (I had not appreciated that no age verification = noncompliance). That said, I take some consolation from the actual words of the proposed bill, namely “(for example, age verification, or another means of age assurance)”, and also “The verification process may be of any kind (and in particular, it need not require documentation to be provided).”

    I regard ticking a ‘I am over 18’ box as a reasonable and sensible attestation (= assurance) of one’s age. No doubt that is seen as an old-fashioned way of looking at things. Ho hum.

  3. Great article, thanks – I’ve plastered it all over Nad’s post on Twitter 😉. Do you have a link for this:

    “DCMS has a list of businesses you can contract with for all your privatised surveillance obligations.”

    Keep up the great work.

Comments are closed.