self-hosting-advocacy/harmful-communications-201910
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Beginning the tidy-up

Browse source
This commit is contained in:
Éibhear Ó hAnluain 2019-09-19 20:43:33 +01:00
parent 6ed44e21c2
commit a2b2404148
1 changed files with 81 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

155
HarmfulCommunications201908.org
View file

@ -327,7 +327,7 @@
- The new Copyright Directive...
-
* CONSDONE Introduction
* Introduction
My name is Éibhear Ó hAnluain and I have been working in software
engineering and IT systems design since 1994. I thank you for the
@ -343,8 +343,8 @@
I will also address some additional concerns I believe are relevant
to this analysis.
* CONSDONE Self-hosting
** CONSDONE Self-hosting
* Self-hosting
** Self-hosting
For the purposes of this submission, /self-hosting/ is where an
individual or small group has opted to provide their own internet
services, making use either of computer capacity provided by an ISP
@ -369,8 +369,8 @@
*** CONSTODO Real examples of self-hosting
I host a number of services:
- [[http://www.gibiris.org/eo-blog][/Éibhear/Gibiris/]] is my blog site.
- [[https://social.gibiris.org/][/Social Gibiris/]] is a micro-blogging service that is federated
- [[http://www.gibiris.org/eo-blog][/Éibhear/Gibiris/, http://www.gibiris.org/eo-blog]] is my blog site.
- [[https://social.gibiris.org/][/Social Gibiris/, https://social.gibiris.org/]] is a micro-blogging service that is federated
with others using the /AtomPub/ technology. Thus, /Social
Gibiris/ is federated with many other instances of /GNU Social/,
/Mastodon/ and /Pleroma/. This network of federated services,
@ -383,10 +383,10 @@
- [[https://news.gibiris.org/][/news.gibiris.org/]] is a news-aggregation service that allows me
to gather all the news sources of interest to me into one
location, which I can then access from wherever I am.
- [[https://cloud.gibiris.org/nextcloud][/cloud.gibiris.org/]] is a file-sharing platform that I use with
- [[https://cloud.gibiris.org/nextcloud][https://cloud.gibiris.org/]] is a file-sharing platform that I use with
my family when we are collaborating on projects (e.g. school
projects, home improvement projects, etc.)
- [[https://matrix.gibiris.org/][/matrix.gibiris.org/]] is an instant-messaging system which I set
- [[https://matrix.gibiris.org/][https://matrix.gibiris.org/]] is an instant-messaging system which I set
up for the purposes of communicating with my family and close
friends.
@ -434,9 +434,9 @@
Very often, as with me, the reason to self-host is a combination
of more than 1 of these reasons.
** CONSDONE How accessible is self-hosting.
In a previous, similar, submission[fn:dccae:Available [[http://www.gibiris.org/eo-blog/posts/2019/04/15_harmful-content-consultation.html][here]] and
[[https://www.dccae.gov.ie/en-ie/communications/consultations/Documents/86/submissions/Eibhear_O_HAnluain.pdf][here]].], I provide an outline of the challenges before someone who
** How accessible is self-hosting.
In a previous, similar, submission[fn:dccae:Available [[http://www.gibiris.org/eo-blog/posts/2019/04/15_harmful-content-consultation.html][here (http://www.gibiris.org/eo-blog/posts/2019/04/15_harmful-content-consultation.html)]] and
[[https://www.dccae.gov.ie/en-ie/communications/consultations/Documents/86/submissions/Eibhear_O_HAnluain.pdf][here (https://www.dccae.gov.ie/en-ie/communications/consultations/Documents/86/submissions/Eibhear_O_HAnluain.pdf)]].], I provide an outline of the challenges before someone who
wants to set up their own services. They are few, and they are
small. In summary, the reasons for this are:
- The Internet is mechanism for computers to find each other and
@ -462,7 +462,7 @@
operating system that was accessible to all. Linux-based
operating systems now form the basis of a significant proportion
of internet connected computing devices
globally[fn:LinuxProportions:https://en.wikipedia.org/wiki/Usage_share_of_operating_systems]
globally[fn:LinuxProportions:[[https://en.wikipedia.org/wiki/Usage_share_of_operating_systems][Usage share of operating systems (https://en.wikipedia.org/wiki/Usage_share_of_operating_systems)]]]
(including 73% of smartphones and tablet computers, somewhere
between 36% and 66% of internet-facing server computers), and
100% of supercomputers.
@ -470,7 +470,7 @@
software developers wanted to add functionality to one of the
original web server software packages, /NCSA httpd/. The Apache
web server now powers 43.6% of all web
sites[fn:apacheProportions:[[https://w3techs.com/technologies/overview/web_server/all][https://w3techs.com/technologies/overview/web_server/all]]. Incidentally,
sites[fn:apacheProportions:[[https://w3techs.com/technologies/overview/web_server/all][Usage of web servers]]. Incidentally,
the no. 2 on that web page, with nearly 42% share of websites is
/nginx/. It also started out as a project by an individual who
wanted to solve a particular project.].
@ -538,7 +538,7 @@
that if one node goes down or is attacked, the others can continue
with a minimum of interruption.
** CONSDONE Regulation of self-hosted services
** Regulation of self-hosted services
While it is attractive to create regulations to manage the large,
profit-making organisations, it is imperative that such
@ -580,13 +580,13 @@
pop into the heads of individuals, who would realise them with
nothing more than a computer connected to the internet.
* CONSDONE Other considerations
* Other considerations
While the main focus of this submission is to highlight the
potential risk to self-hosters from regulations that neglect to
consider the practice, I would like to take the opportunity to
briefly raise some additional concerns
** CONSDONE Abuse of the systems
** Abuse of the systems
To date, all systems that seek to protect others from harmful or
other objectionable material (e.g. copyright infringement,
@ -594,7 +594,7 @@
example, in a recent court filing, Google claimed that 99.97% of
copyright infringement notices it received in from a single party
in January 2017 were
bogus[fn:googleTakedown:https://www.techdirt.com/articles/20170223/06160336772/google-report-9995-percent-dmca-takedown-notices-are-bot-generated-bullshit-buckshot.shtml]:
bogus[fn:googleTakedown:[[https://www.techdirt.com/articles/20170223/06160336772/google-report-9995-percent-dmca-takedown-notices-are-bot-generated-bullshit-buckshot.shtml][Google Report: 99.95 Percent Of DMCA Takedown Notices Are Bot-Generated Bullshit Buckshot]]]:
#+BEGIN_QUOTE
A significant portion of the recent increases in DMCA submission
@ -618,7 +618,7 @@
that claims of copyright ownership on the part of the claimant are
to be made under penalty of perjury. However, that provision is
very weak, and seems not to be a deterrent for a determined agent:
https://torrentfreak.com/warner-bros-our-false-dmca-takedowns-are-not-a-crime-131115].
[[https://torrentfreak.com/warner-bros-our-false-dmca-takedowns-are-not-a-crime-131115][Warner Bros: Our False DMCA Takedowns Are Not a Crime]]].
The GDPR's /Right to be Forgotten/ is also subject to abuse. An
individual from Europe continues to force stories related to him
@ -647,7 +647,7 @@
claimant suffers nothing for abusive claims, the regime is
guaranteed to be abused.
** CONSDONE Content Moderation
** Content Moderation
Much of the focus of legislative efforts to deal with harmful or
objectionable material that appear on services that permit uploads
@ -718,7 +718,7 @@
didn't have time to determine the full context, or because it
misinterpreted or misunderstood the context.
** CONSDONE User Behaviour
** User Behaviour
Many believe that the way to deal with abusive or harmful material
online is to punish the services that host the material. This is
reasonable if the material was placed onto the service by those who
@ -751,20 +751,20 @@
there is no attempt to change behaviour, then abusive people will
simply work around the controls and continue to abuse.
** CONSDONE Investigation support
** Investigation support
In response to the live-streaming of that horrific shooting dead of
more than 50 people in New Zealand earlier this year, that country
has proscribed the video recorded by that white supremacist
terrorist as "objectionable", making it a criminal offence to share
it[fn:banNotice:https://www.classificationoffice.govt.nz/news/latest-news/christchurch-attacks-press-releases/#christchurch-attack-video-footage-and-document-has-been-banned-in-nz-what-this-means-for-you].
has declared the video recorded by that white supremacist terrorist
as "objectionable", making it a criminal offence to share
it[fn:banNotice:[[https://www.classificationoffice.govt.nz/news/latest-news/christchurch-attacks-press-releases/#christchurch-attack-video-footage-and-document-has-been-banned-in-nz-what-this-means-for-you][Christchurch attack video footage and document has been banned in NZ what this means for you]]].
While one can understand the thinking that sharing the material
could only be done by people who support the atrocity, this is not
necessarily true. Other reasons to share the video or portions of
it might include
- to appeal for help in finding someone caught up in the massacre
- Legitimate news reporting of such an event.
- legitimate news reporting of such an event.
- to help investigate the shooting and its
circumstances[fn:ForArch:Forensic Architecture,
https://forensic-architecture.org/, is a research group that
@ -772,7 +772,10 @@
records of events. To criminalise the sharing of such imagery and
videos with no regard as to the purpose for the sharing plays
directly into the hands of those who disregard victims' civil
rights.]
rights. Similarly, it's not correct to assume that police or
intelligence services alone perform these types of
investigations, so limiting permission to share to these
organisations would not be sufficient.]
- training for law enforcement or terrorism- or disaster-response
personnel.
@ -788,35 +791,35 @@
that it is now very easy for anyone to forge screen-shots of online
postings.
** CONSDONE Encrypted services
** Encrypted services
Some believe that if end-to-end encryption services that prevent
security services from accessing material were banned or
controlled, there would be less abusive behaviour online. This is
not true, nor is it a good public policy.
Encryption is just mathematics, and it knows neither whether its
use is for ill or good. However, when you consider the extent to
which encryption is being used -- every website that uses =https=
as part of its address encrypts the traffic between itself and its
users, and that is nearly every website around the world -- the
good uses vastly outnumber the bad uses. If people are forced to
use an encryption system that has been modified to make it easy for
Encryption is just mathematics, and it knows neither that its use
is for ill or good. However, when you consider the extent to which
encryption is being used -- every website that uses =https= as part
of its address encrypts the traffic between itself and its users,
and that is nearly every website around the world -- the good uses
vastly outnumber the bad uses. If people are forced to use an
encryption system that has been modified to make it easy for
security services to gain access to the messages, it means that all
the good, innocent uses of encryption are at risk. Recent news that
Russian spies managed to infiltrate the
FBI[fn:Oath:https://news.yahoo.com/exclusive-russia-carried-out-a-stunning-breach-of-fbi-communications-system-escalating-the-spy-game-on-us-soil-090024212.html
(Please note that to access this story the user has to agree to
many hundreds of forms tracking or spend many up to an hour
examining those forms and disabling each one individually. It is
recommended that this story be access using "Incognito" or "Private
Browsing" mode in order to be protected against tracking).],
highlights how unreliable are assurances from security services
that they can keep secrets such as the keys to all encryption safe
from harm.
Russian spies managed to infiltrate the FBI[fn:Oath:[[https://news.yahoo.com/exclusive-russia-carried-out-a-stunning-breach-of-fbi-communications-system-escalating-the-spy-game-on-us-soil-090024212.html][Exclusive:
Russia carried out a 'stunning' breach of FBI communications
system, escalating the spy game on U.S. soil]] (Please note that to
access this story the user has to agree to many hundreds of forms
tracking or spend up to an hour examining those forms and disabling
each one individually. It is recommended that this story be access
using "Incognito" or "Private Browsing" mode in order to be
protected against tracking).], highlights how unreliable are
assurances from security services that they can keep secrets such
as the keys to all encryption safe from harm.
All it takes is one determined intruder, and all the good uses of
encryption are put at risk in order to safe money and effort on
encryption are put at risk in order to save money and effort on
investigating illegal activities.
I have written a number of articles on this matter providing more
@ -829,10 +832,10 @@
- [[http://www.gibiris.org/eo-blog/posts/2018/09/04_some-questions-5-eyes-countries-what-can-they-do.html][Some questions for the "5 Eyes" countries on what they think they
can do]]
* CONSDONE Answers to consultation questions
* Answers to consultation questions
The follows are some answers to the questions posed in the call for
submissions.
** CONSDONE Definition of communication in legislation
** Definition of communication in legislation
- Question 1 :: There are currently significant gaps in legislation
with regard to harassment and newer, more modern
forms of communication. Is there a need to expand
@ -866,7 +869,7 @@
as
/FOSTA-SESTA/[fn:FOSTA-SESTA:https://en.wikipedia.org/wiki/Stop_Enabling_Sex_Traffickers_Act]
in the US, that seeks merely to punish web sites,
will to more harm than good[fn:SOSTAEffect:Lura
will do more harm than good[fn:SOSTAEffect:Lura
Chamberlain, FOSTA: A Hostile Law with a Human Cost,
87 Fordham L. Rev. 2171 (2019). Available at:
https://ir.lawnet.fordham.edu/flr/vol87/iss5/13]. The
@ -879,21 +882,24 @@
failure of the law to consider the effect of a
straight ban.
The recently-passed new EU Copyright directive
The recently-passed new EU Copyright Directive
mandates the filtering of user uploads based on prior
notice that such uploads *may* be infringing
copyright, subject to severe penalties, but requires
mere respect for users' freedom of speech with no
penalties attaching to failing to do so. The
copyright and failure to implement this filtering is
subject to severe penalties. However, the directive
requires mere respect for users' freedom of speech
with no penalties attaching to failing to do so. The
incentive for the service operators here is to err on
the side of suppressing material regardless of
anyone's freedom of expression, as the consequences
of not doing so could be catastrophic for the service
operator.
of keeping the material up could be catastrophic for
the service operator and the consequences of
infringing on someone's freedom of expression are
non-existent.
The proposal in the UK to apply a duty of care to
service operators is also destined for failure, as a
duty of care is a physical-world concept that has no
service operators is destined for failure, as a duty
of care is a physical-world concept that has no
suitable analogy in the context of internet services.
Ironically, the likely best regulatory approach is
@ -902,7 +908,8 @@
liability protection. All these services maintain
terms and conditions ("Community Rules", "Code of
Conduct", etc.) and confirmed violations of these
result in sanctions on the users. However, where
result in sanctions on the users, up to and including
permanent exclusion from the service. However, where
services aren't aware of violations, they are
protected on the grounds that the behaviour that is
objectionable is not that of the service operator,
@ -914,14 +921,14 @@
and advancing technologies, new apps and other
online forums, including the more familiar social
media sites?
+ Answer :: This is this submissions core concern. For
+ Answer :: This is this submission's core concern. For
legislation to focus on the technology, and not on
the behaviour, to focus on the service operator and
not on the real offender, runs real risks of damaging
human rights of totally innocent parties, as well as
stifling innovation and consolidating the market
positions of the major operators
** CONSDONE Harassment, stalking & other forms of online abuse
human rights of innocent parties, as well as stifling
innovation and consolidating the market positions of
the major operators
** Harassment, stalking & other forms of online abuse
- Question 4 :: Online harassment can take the form of
on-consensual taking and distribution of intimate
images or videos, otherwise known as revenge
@ -1025,14 +1032,14 @@
who offers commentary on many aspects of society
frequently posts messages on Twitter designed to
elicit angry responses. I describe this person as "A
master of the false equivalence". This is the classic
master of the false equivalence". This is classic
online trolling behaviour. Similarly, on the 18th
September 2019, a prominent UK journalist tweeted
personal details of a father who publicly challenged
UK Prime Minister Boris Johnson regarding the state
of the NHS. This was construed by many as a
deliberate trolling to inflict a measure of
unofficial retribution on the man.].
of the NHS. This act by the journalised was construed
by many as deliberate trolling designed to inflict a
measure of unofficial retribution on the man.].
It should not be assumed that pseudonymous accounts
are created in order for the users to escape legal
@ -1053,21 +1060,21 @@
Ireland's are.
It should not be assumed that a pseudonymous account has been
created for reasons of abuse or harmful communication. In fact,
there's good reason to assume that the significant majority of
pseudonymous accounts operate for completely innocent
reasons[fn:realnames:facebook excepted. However, facebook's
real-name policy is itself wrong, and does a great deal of
damage to people who have good reasons for their names not to
be associated with their online presences.].
It should not be assumed that a pseudonymous account has been
created for reasons of abuse or harmful communication. In fact,
there's good reason to assume that the significant majority of
pseudonymous accounts operate for completely innocent
reasons[fn:realnames:facebook excepted. However, facebook's
real-name policy is itself wrong, and does a great deal of damage
to people who have good reasons for their names not to be
associated with their online presences.].
- Question 12 :: Do other jurisdictions have statutory measures to
protect victim identities in cases of online
harassment being released online posthearings,
etc?
+ Answer :: This submission is not offering any answer to this
question.
** CONSDONE Harmful online behaviour and young people
** Harmful online behaviour and young people
- Question 13 :: How do we most appropriately regulate social media
platforms to prevent cyberbullying and
inappropriate sharing of personal images?