I had a natter with David Meyer about the past fortnight in UK tech policy drama.
We did this deliberately as a casual chat, as opposed to a techlaw deep dive, so don’t expect anything too heavy. (I had in fact planned to switch off my brain this summer like normal policy wonks do. So much for that…)
Scan your eyeballs, think of the children: how Britain sells surveillance as safety
I wrote for The Nerve about the past fortnight in UK tech policy.
I know a lot of people expected me to have a lot of things to say about what’s happened, but here’s the thing:
aside from that article, there is absolutely nothing to say that I didn’t already say here in this blog, in my fleeting and regrettable professional capacities, or in the media, in (checks notes)
2026, 2025, 2024, 2023, 2022, 2021, 2020, 2019, 2018, 2017, and 2016.
Which is why I took that article right back to where it began, ten years ago next week. Everything always circles right back to where it began. And I do mean everything.
“Power absent ethics rests on an unshakable ability and desire to punish active resistance – to beat and arrest and try to ruin the lives of people who block freeways and set up encampments and confront lawmakers. But such power has no idea what to do against negative resistance, against someone who refuses to buy or attend or align, who simply says: I will not be part of this. Against the one who walks away.”
Omar El Akkad, from ‘One Day, Everyone Will Have Always Been Against This’
A quick one because it’s Sunday and I’d rather be thinking about Scotland winning the World Cup. This morning someone alerted me to completely predictable news about Yoti, the age verification provider which has quietly driven the shape of so much internet regulation in its commercial interests, whilst embedding itself so deeply into national, regional, and local government that you need to verify your identity through them just to request a replacement recycling bin from the council (as I’ve had to do).
It turns out that Yoti are now reporting GrapheneOS users who have PlayStation accounts to “authorities” merely for having the OS. I do not know where (as in what country) this incident happened, but it most definitely happened.
Last week I had the pleasure of attending a symposium at the University of Edinburgh on “Rewilding the Web: Diversity & Resilience in Sociotechnical Infrastructure”.
A little Monday morning rant to warm me up for the week.
I spoke with The National about the proposed UK social media ban for teenagers. That’s an archive link due to their unfortunate adwall.
There’s nothing I offered in my delightfully crotchety comments that I wasn’t already saying four, five, six, and seven years ago, but if anyone had listened to me four, five, six, and se- oh you know what, forget it.
As with everything, the Dog/Car article I wrote last year is the backgrounder to my comments.
The late and much-missed Ross Anderson famously wrote: “The idea that complex social problems are amenable to cheap technical solutions is the siren song of the software salesman and has lured many a gullible government department on to the rocks.”
Keen listeners may have also heard Ross yesterday, from wherever he resides in the great beyond, bellowing out to the great dominions: oh for fuck’s sake.
This being why:
Fun fact: the magical child safety solution which Jess Philips cited in her resignation letter is a vendor-specific offering, which benefited from an intense PR and lobbying campaign, and was previously praised by …
Prince Andrew.
I always keep the receipts.
heatherburns.tech/2026/02/20/t…
— Heather Burns (@heatherburnstech.bsky.social) 12 May 2026 at 14:46
That’s a thread, by the way.
Yes, the UK is now entering its tenth straight year of Brexit-era psychodrama, but even by those standards, this incident was remarkable for two reasons.
The first is that on her way out the door, a serving minister essentially regurgitated a private vendor’s sales pitch, a vendor whose years of aggressive marketing and corporate lobbying – not to mention courtship of The Nonce Formerly Known As Prince Andrew – placed them so close to power that their pitch deck was taken as both technical fact and regulatory assurance.
In doing so, it gave the wider public the sense of the magical thinking that those of us in the civil society space have been hitting up against for years. These years when we were portrayed as enemies of children’s safety for pointing out the obvious. These years when we would leave a frustrating meeting with a VIP policymaker thinking “where did she get those ideas from?” and realise that a compliance software vendor got to her before we did. That vendor promised her cheap technical solutions to complex social problems; you, on the other hand, gave her more problems. That’s why things are where they are.
Thanks to that letter, the wider world can see that now.
And that’s the second reason that incident was remarkable.
That’s because, at this point in the game, there was no excuse for it.
These are not the techno-optimistic days of the green and white papers which became the OSA, nor the regulatory-optimistic days of “taking back control” by wiggling out of the EU-derived, human rights-based Digital Single Market framework.
No, we’re way, way, way beyond that now. Things are different. Technology is different. Geopolitics are different. The open internet, or what’s left of it, is different.
Everything has changed.
There were, and are, people in civil society who have devoted years of their careers trying to explain that to government and to Parliament, and who either gave up trying or gave up their careers entirely when their funding was cut in favour of AI hype.
Despite all that, there still are people in civil society who still would have been happy to explain that to government and to Parliament, and to do so with nothing more than a phonecall. As before, they’d have brought stats. They’d have brought reports. They’d have brought legal briefings. They’d have brought the optimism that no vendor’s slick sales pitch can diminish.
Didn’t happen, of course.
And so there it is, on Parliamentary letterhead.
Magical thinking about magical thinking.
Here’s a fun fact for a postscript: I have written two blog posts about my encounters with age verification software providers who were seeking to normalise the implementation of their products into the British internet stack, while also lobbying politicians to expand the legal framework from mere age verification to requiring government ID proofs of citizenship as conditions for website access. In both posts, both sets of editors required me to edit out the narratives of how openly racist the age verification providers were – as in, my accounts of how they were blatantly seeking to leverage the Online Safety Act to use their products to restrict ethnic, racial, and national minorities from being able to access the web – so that the editors didn’t get sued over the articles. That doesn’t change the fact that those conversations happened. That doesn’t change who those vendors are, what they really believe, and what they really want.
Social Media is Now Parasocial Media
In the interest of the power of naming things, I love this short open-access paper from danah boyd where she suggests shifting the term we use to describe social media.
As she explains, the term “social media” is a hangover from a more optimistic time when these sites were nodes for authentic human connections. We are now light years beyond that: these sites are nodes for AI scrapers, gamed algorithms, and monetised content. They exist solely to exploit and to harm. The authentic human connections, at least on those applications, are long gone.
Hence renaming it parasocial media, as a phenomenon which “creates the conditions for people to objectify one another at a distance as mediatized objects, helping realize the different layers of toxicity that social media scholars document.”
And she is right: we are no longer watching each other on these sites. We are watching depictions of each other, as filtered through machines.
Although classes ended last April, my dissertation was submitted in September, and my MSc was confirmed in December, the nature of the university graduation queue meant that I didn’t get my actual degree until last week.
And there it is. Read More
If I was still in my conference speaking era (ha), I’d say this:
Testing your inputs can be an act of resistance.
Not testing your inputs can be an act of collaboration.
Banning children from VPNs and social media will erode adults’ privacy
I spoke with New Scientist about a handful of clauses in the Children’s Wellbeing and Schools Bill, which is currently reaching the finish line of the Parliamentary process. These clauses are resurrecting several incredibly bad ideas which were debated out of the Online Safety Act, a good four or five years ago.
There are very good reasons that those clauses, and their unintended consequences, were taken out of the then-Bill.
But here we are, all these years later, seeing those bad ideas smashed with brute force into a completely separate bill.