Like most of the policy world, the UK’s Online Safety Bill is currently having a lie down in a darkened room for the duration of the summer recess. It will return, in one form or another, in September, where a third Prime Minister and a seventh Secretary of State for Digital, Culture, Media, and Sport will take charge of it. Lucky them! As for whether they will choose to put the Bill through a fourth year of revisions, tweaks, and discussions, or put it out of its misery once and for all, that remains to be seen.
Throughout its life, the Bill has made strange bedfellows of the most implausible political opponents. (Personally, I’ve quite enjoyed working in and with these strange alliances; they have been the art of politics as its best.) Right now all of those people, organisations, and coalitions – whatever stances they take, or whatever their aspirations for the Bill – agree that it cannot continue as it has. This thing is not working. It has to change.
Ahead of its return, I want to offer some constructive thoughts on how the Bill’s risks should be mitigated, its uncertainties clarified, and its weaknesses improved. (After dealing with the damn thing for three years across three separate jobs, more meetings than I can count, and over 50 articles, posts, and media appearances, I’m more than qualified to do so.)
For your sanity and for mine too, I’m breaking this series down into three smaller posts. I will publish them as my time, my day job, and my homework assignments permit. But this post, in some ways, is the most important one, and one which needs to be read in front of all others.
And yes, I said I’d be constructive, but the posts that will follow this one are going to be an academic exercise.
Because this Bill is not fixable.
It does need to be torn down and restarted from scratch.
Let me explain why.
Astructure that is built on a rotten foundation – whether that’s a seaside condominium, a marriage, or a piece of legislation – is going to collapse. There is nothing you can do about it. Sooner or later, A is going to lead to B.
You can try to retrofit a form of support – a quick repair, couples therapy, or an electoral delay – as a temporary fix, as a form of denial, or as a workaround to give people enough time to evacuate. The thing is still going to collapse.
You can live in that denial, you can wait for the gruesome end, or you can take back control and knock the whole thing down before it takes a lot of good people down with it, including yourself.
(For more of my bad building:internet metaphors, see my <shamelessplug>upcoming privacy book</shamelessplug>, where you’ll find a shedload of them in Chapter 4.)
The structure we’re talking about today – the Online Safety Bill – has been built on four different rotten foundations.
Not one, not two, not three. Four.
Let’s wade through their rubble.
What the Bill stood for
First, cast your minds back to the Bill’s origins in 2018-2019, and consider the central philosophy which gave birth to it. That philosophy was not a desire to make the internet safer for children. That philosophy was not to rein in the tech giants. That philosophy was not to enter the manufactured American culture wars.
That philosophy was Mayism.
If you’re not familiar with it, Mayism was a term coined by the Sky News technology correspondent, Rowland Manthorpe (who is honestly one of the nicest guys in Westminster and so say all of us), to describe Theresa May’s approach to tech policy, both domestic and foreign.
You can – and should – read his essay here. It’s one of the best pieces you’ll ever read on Brexit-era politics.
If you don’t have time, you should at least know that he characterised Mayism by four values which reflected Theresa May’s very…distinct personality, worldview, and political beliefs:
- Antagonism towards big tech, which attempts to regulate the open internet around Big Tech as if it is all Big Tech;
- Technological nationalism, which openly aspires to create a British (spl)internet for British people;
- The surveillance state, which seeks to repurpose the UK’s post-European tech sector for domestic monitoring, and the maintenace of public order, as an outsourced social safety net; and
- Inaction, which talks a lot, demands a lot, points fingers a lot, and pounds on tables a lot, but never actually achieves anything.
That philosophy gave birth to a Bill which aspired to be the One Weird Trick to achieve all four goals. Unfortunately, in practice, that One Weird Trick laid the framework for a Chinese-style Great Firewall, outsourced to the private sector, in a western liberal democracy: a goal which, among so many other things, is completely incompatible with the traditional Conservative values of small government, light-touch regulation, and personal freedom.
It was never going to work. No philosophy of regulation which views the internet as a naughty and intransigent thing that needs to be put back in its place, by any means necessary, is ever going to work.
Wherever the Online Safety Bill goes next, it needs to spell the end of Mayism as an approach to tech policy and as a philosophy about the internet as well. It has already been allowed to carry on for far too long.
Now let’s look at the damage that philosophy caused.
Platform regulation ≠ internet regulation
The second rotten foundation under the Online Safety Bill is that throughout its whole life cycle, its creators and backers have conflated platform regulation with internet regulation.
The Bill has framed problems of content, conduct, and contact which have arisen on platforms – meaning a handful of specific mostly US-based service providers – as issues requiring blanket legislation targeting all service providers at the technical level through private interception, filtering, and monitoring. It’s how we’ve ended up with the framework for a Great British Splinternet, one which could still happen in September. I will have more to say about this in the next post.
The conflation of platform regulation with internet regulation was not an accident of technical ignorance. That conflation has been a deliberate pillar of the Bill’s strategy, along with the “unregulated wild west internet” trope garbage, in order to depict the internet as a place desperately in need of unilateral control. Unilateral British control.
Even on days when that rhetoric insulted the intelligence of everyone reading it.
"The internet hasn't been seriously regulated since 1990"
Oh my. https://t.co/LWclATH9QK— Heather Burns (@WebDevLaw) May 28, 2022
The UK is not unique in this error. Most governments, whether democratic or authoritarian, are conflating platform governance with internet governance in some form. But the UK is unique in attempting to build an entire regulatory model from scratch (“taking back control!”) on the back of this mistake: a mistake which they not only refuse to acknowledge, but are seeking to promote as a best-practice model.
A world-leading model.
There’s no such thing as a “world-leading” internet
The third rotten foundation under the Online Safety Bill is that its creators and backers have rejected the principles of multilateral internet governance, including the protection of its technical enablers, in favour of a bombastic obsession with devising a “world-leading” system of internet regulation based on going it alone:
and not just going it alone, but doing so in the belief that the rest of the world will kowtow to our genius and follow our lead.
If you haven’t been keeping up, we’re a tiny island across the sea + a bit, of 70 million people, whose global image is currently characterised by the plague, Brexit, Boris, and having gone completely batshit. And hey, next month is Diana 25, we’re going to go even more batshit, folks. We are not exactly at our best right now.
Meanwhile, the internet is the internet. It’s a network of networks built on internationally agreed standards and protocols. It survives based on multilateral cooperation and mutual technical respect. The OSB’s “world-leading” internet, one which is based on three levels of technical interception, the introduction of a general monitoring obligation, up to two dozen paperwork risk assessments, and the micromanagement of all conduct, content, and contact of all users, under the threats of service cutoffs, penalty fines, and personal criminal charges, is not a model which any country in their right mind would want to follow.
Saying you want to create a “world-leading” internet is like saying you want to be a little bit pregnant or a little bit dead. You either want to be a part of the global internet, or you want a splinternet. There isn’t a half-in half-out here, folks.
So it’s not a good sign that the policy sphere’s response to the recent publication of the Declaration for the Future of the Internet – a nonbinding commitment to the principles of multilateral internet governance, including its techical enablers, which was signed by 61 nations including the UK – was stifled giggles. Nadine Dorries had to read a speech about it as if she’d swallowed a bee.
You see, when 60 of the nations you think you “world-lead” have to tap you on the shoulder, clear their throats, and diplomatically remind you to wind your damn neck in, you’ve definitely achieved a “world-leading” status.
Just not the one you think.
Wherever this Bill goes next, one thing is for sure: we need to classify the phrase “world-leading” as a legal but subjective harm and make sure it’s never heard again.
Misinformation, disinformation, spin, and lies
The fourth rotten foundation under the Online Safety Bill is one you’ve probably noticed, and that is how much misinformation, disinformation, spin, and outright lies it requires to keep it afloat.
And has, since it inception, and still needs now, even in its dying days.
We’ve been told, for example, that the Bill was about social media and big tech and “reining in the tech giants”. That’s not true. It never was.
We’ve been told, as well, that the Bill is about keeping children safe, or protecting children, or making the UK the safest place in the world to be online. That’s not true either. It never was. (What it is, we’ll talk about in the next post.)
And latterly we’ve been told that the Bill is a response to the manufactured American culture wars about freedom of speech and cancel culture. That’s not true (even if the people about to be in charge of it think it is, which is a separate but equally important problem); in fact, the Bill was already years into its life before the American culture war jumped the pond.
We could even dive into specifics, such as the introduction of the senior management liability regime via the Bill. We’re told time and again that this is a safeguard needed to make sure that companies stay accountable. I have yet to encounter a single policymaker who has any comprehension of what that will mean in practice beyond the arrests and televised show trials of the two specific people the clauses were drafted to target, and what will happen when those arrests and show trials sweep up domestic tech workers like you and like me.
I am a firm believer in the political philosophy of the renowned American jurist, Judge Judith Sheindlin, who famously said, and I quote: “don’t piss on my leg and tell me it’s raining.”
The funny old thing about the Online Safety Bill is that none of its supporters will ever be able to explain it to you, or discuss its purpose, or clarify its questions, without simultaneously pissing on your leg.
We need to start asking why that is.
And we need to stop letting these people piss on us.
So that’s four rotten foundations under one Bill. And we haven’t even gone into the unanswered questions on top of that rubble, which will follow in the next blog post.
So I suppose the question isn’t why anyone thinks this thing has a chance of surviving come the September premiership.
The question is how anyone thinks it can.
Or, perhaps, why it should.
Header image: Demolition/Wikimedia Commons/Rossographer