diff --git a/HarmfulCommunications201908.org b/HarmfulCommunications201908.org index 588190f..a5a840c 100644 --- a/HarmfulCommunications201908.org +++ b/HarmfulCommunications201908.org @@ -130,11 +130,11 @@ *** Online Harrassment, harmful communications and related offences *Possible issues for address* **** Definition of communication in legislation - 1. There are currently significant gaps in legislation with - regard to harassment and newer, more modern forms of - communication. Is there a need to expand the definition of - ‘communications’ to include online and digital communications - tools such as WhatsApp, Facebook, Snapchat, etc. when + 1. There are currently significant gaps in legislation with + regard to harassment and newer, more modern forms of + communication. Is there a need to expand the definition of + ‘communications’ to include online and digital communications + tools such as WhatsApp, Facebook, Snapchat, etc. when addressing crimes of bullying or harassment? - Éibhear comment :: (/Address in introduction/) It is necessary not to assume that the current services that @@ -357,83 +357,76 @@ (early 2018) and relevant. However it's not alone, and as we look at pending legislation coming to us both domestically and from the EU, it's hard not to see the same failures repeating: - - Pat Rabbitte's and + - Pat Rabbitte's and Lorraine Higgins' bills, since withdrawn - The EU Terrorism Content Directive... - The new Copyright Directive... - -** CONSTODO The nature of the internet from the perspective of the technology +* CONSTODO Self-hosting +** CONSTODO Self-hosting + For the purposes of this submission, /self-hosting/ is where an + individual or small group has opted to provide their own internet + services, making use either of computer capacity provided by an ISP + (for example, Blacknight.com, Amazon AWS) or by maintaining the + computer technology themselves. + The services that the self-hoster exposes, then, are either + developed specifically by the self-hoster or runs software that has + been installed by the self-hoster. + + The self-hoster also takes responsibility for the quality of the + service that they provide, including ensuring that it is kept + running and updates are applied appropriately, and so on. + + This submission is primarilty concerned about self-hosting as a + hobby and self-hosting engaged in by charity, non-governmental or + community organisations. However, self-hosting for commercial + purposes is a valid use-case, but implications of regulations on + self-hosting has more a direct implication on the former use-cases, + as the effect of poor regulation on vulnerable people would be more + direct, immediate and serious. +*** Why self-host? + + There is a myriad of reasons for choosing to host one's own + service. Some examples might be: + + +** CONSTODO How accessible is self-hosting. *** CONSTODO Technical protocols - Formally, "the Internet" is a mechanism for identifying computers - on a network, and for ensuring that messages from one computer on - the network get to another computer. For this purpose, each - computer is assigned an address (e.g. 78.153.214.9). This system - is called The Internet Protocol[fn:IP:[[https://tools.ietf.org/html/rfc791][As defined in RFC 791: - https://tools.ietf.org/html/rfc791]]]. + In a previous, similar, submission[fn:dccae:Available [[http://www.gibiris.org/eo-blog/posts/2019/04/15_harmful-content-consultation.html][here]] and + [[https://www.dccae.gov.ie/en-ie/communications/consultations/Documents/86/submissions/Eibhear_O_HAnluain.pdf][here]].], I provide an outline of the challenges before someone who + wants to set up their own services. There are few, and they are + small. In summary, the reasons for this are: + - The Internet is mechanism for computers to find each other and + then to share information with each other. The mechanism is + defined in a set of publicly-available documents describing the + relevant protocols. + - Due to the maturity and age of these protocols, software needed + to use them is now abundant and trivially easy to get and + install and run on a computer. Such software is also very easy + to develop for moderately-skilled software engineers. + - Neither the protocols that define, nor the software that + implement the internet regard any computer to be superior or + inferior to any other computer. For this reason, there is no + cost or capacity barrier for someone to cross in order to run an + internet service: if you have the software, and the internet + connection, then you can expose such a service. - These dotted-notation addresses are associated with more - easy-to-remember name-based addresses by means of a system called - the "Domain Name System"[fn:DNS:As defined by [[https://tools.ietf.org/html/rfc1034][RFC 1034 - (https://tools.ietf.org/html/rfc1034)]] and [[https://tools.ietf.org/html/rfc1035][RFC 1035 - (https://tools.ietf.org/html/rfc1035)]].]. - - There are a number of protocols[fn:protocols:For the purposes of - this document, a protocol is a set of instructions detailing how - two or more computers should express queries and responses to each - other] for transmitting messages over the Internet, with two of - the more common being - "TCP"[fn:TCP:https://tools.ietf.org/html/rfc1035] and - "UDP"[fn:UDP:https://en.wikipedia.org/wiki/User_Datagram_Protocol]. - - The software required to implement these communications protocols - is installed onto all forms of internet-connected devices, ranging - from objects as small as (or smaller than) heart pacemakers, to as - large as the largest super-computers. - - This software is not aware of the size or capacity of the device - it's installed on. Similarly, the protocols mentioned above have - no regard to the purpose its host computer has, nor to who owns - it, nor to how large it is. - - The "World Wide Web" (the Web), from a technological perspective, - is /not/ the Internet. The Web is a set of defined protocols that - make use of the Internet. Unlike the Internet and transmission - protocols -- which are designed to require each computer to regard - all others are peers -- the Web operates a little more on a - client-server basis: the software package, often referred to as a - web browser, on one computer is used to request specific - information from the software package, often referred to as the - web server, on the other computer. - - However, despite the "client-server" nature of the Web, due to the - simplicity of the software needed for a computer to be a web - server, you can find web serving software operating on extremely - small "IoT" devices. - -*** CONSTODO Low barrier of entry for useful technology - - The above demonstrates that someone with a computer, a connection - to the internet and sufficient time and determination can set up a - web service that will function just like the services we're all - familiar with. - - This is exemplified by the development of certain internet-related - technology in recent decades: - - The /Linux/ operating system kernel is named after its inventor, - Linus Torvalds, who started work on it in 1991 as a college - project -- he wanted to write a computer operating system that - was accessible to all, and which functioned in a specific - way. The Linux operating system now forms the basis of a - significant proportion of internet connected computing devices + Clear examples from the past of how the accessibility of the + internet technologies has benefited the world include the following: + - The /Linux/ operating system kernel began life in 1991 as a + college project -- Linus Torvalds wanted to write a computer + operating system that was accessible to all. Linux-based + operating systems now form the basis of a significant proportion + of internet connected computing devices globally[fn:LinuxProportions:https://en.wikipedia.org/wiki/Usage_share_of_operating_systems] - (including 73% of smartphones and tablet computers, through - Google's Android, and somewhere between 36% and 66% of - internet-facing server computers), and 100% of supercomputers. + (including 73% of smartphones and tablet computers, somewhere + between 36% and 66% of internet-facing server computers), and + 100% of supercomputers. - The /Apache/ web server started development when a group of 8 - software developers decided they wanted to add functionality to - one of the original web server software packages, /NCSA - httpd/. The Apache web server now powers 43.6% of all web + software developers wanted to add functionality to one of the + original web server software packages, /NCSA httpd/. The Apache + web server now powers 43.6% of all web sites[fn:apacheProportions:[[https://w3techs.com/technologies/overview/web_server/all][https://w3techs.com/technologies/overview/web_server/all]]. Incidentally, the no. 2 on that web page, with nearly 42% share of websites is /nginx/. It also started out as a project by an individual who @@ -448,20 +441,43 @@ since the late '90s, resulting in far richer and more secure web. -** CONSTODO Self-hosting + When we look at the main services that society is currently + struggling with, we need to consider the following historical + facts: + - Facebook started out as a crude service, developed in Mark + Zuckerberg's room in Harvard University, to allow users (men, of + course) to rate the women in the university in terms of + "hotness". + - Google started out as a search engine called + "Backrub". Development initially took place in a garage. + - eBay was originally an auction service tagged onto the personal + website of its founder, Pierre Omidyar. + - LinkedIn was initially developed in Reid Hoffman's apartment + in 2003. + - Shutterstock, a leading provider of stock images, was founded by + a photographer, John Oringer, who developed the service as a + means to make available 30,000 of his own photographs. + + The ease with which internet technology can be accessed has given + rise to the explosion of services that connect people, and people + with businesses. + + It is critical to note that many of these technologies and + services started out with an individual or small group developing + an idea and showing it can work *prior* to receiving the large + capital investments that result in their current dominance. *** CONSTODO The nature of self-hosting - Both the /Linux/ operating system kernel and the /Firefox/ web - browser can be considered truly disruptive technologies. In both - of their domains, their arrival resulted in a dramatic - improvements in internet and other technologies. + All of the above technologies and services can be considered truly + disruptive. In their respective domains, their arrivals resulted in + a dramatic improvements in internet technologies and services. - This affect isn't unique to those examples. There are many - alternatives to the systems that we are familiar with, all - developed by individuals, or small, enthusiastic teams: + However, There are many alternatives to the systems that we are + familiar with, all developed by individuals, or small, enthusiastic + teams: - /Twitter/ isn't the only micro-blogging service: there's also - /GNU Social/, /Mastodon/. - - One alternative to /Facebook/ is /diaspora*/ + /GNU Social/, /Pleroma/, /Mastodon/. + - An alternative to /Facebook/ is /diaspora*/ - /Nextcloud/ and /Owncloud/ are examples of alternatives to /Dropbox/. @@ -507,130 +523,131 @@ 2 of those services, /git.gibiris.org/ and /Social Gibiris/ can process or post user-uploaded information. -*** CONSTODO Regulation of self-hosted services +** CONSTODO Regulation of self-hosted services - While it is attractive to create regulations to manage the large, - profit-making organisations, it is imperative that such - regulations don't harm the desire of those who want to create - their own services. + While it is attractive to create regulations to manage the large, + profit-making organisations, it is imperative that such + regulations don't harm the desire of those who want to create + their own services. - Any regulation that applies liability on the service for someone - else's words or behaviour, is a regulation that can be adhered to - only by organisations with large amounts of money to hand. For - example, if the regulation was to apply liability on me for - posting made by someone else (and *somewhere* else -- these are - federated services) on the 2 implicated services that I run, I - would have to shut them down, as I would not be able to put in - place the necessary infrastructure that would mitigate my - liability[fn:copyrightDirective:This assumes that my services - aren't forced to shut down by the new EU Copyright Directive - anyway]. Given that my services are intended to provide a positive - benefit to me, my family members and my friends, and that I have - no desire to facilitate harmful behaviour on those services, a law - forcing me to shut these services down benefits no one. + Regulations that apply liability a service-provider for someone + else's behaviour, is a regulation that can be adhered to only by + organisations with large amounts of money to hand. For example, if + the regulation was to apply liability on me for a posting made by + someone else (and *somewhere* else -- these are federated services + after all) that appear on one of the services that I run, I would + have to shut them down, as I would not be able to put in place the + necessary infrastructure that would mitigate my + liability[fn:copyrightDirective:This assumes that my services + aren't forced to shut down by the new EU Copyright Directive + anyway]. Given that my services are intended to provide a positive + benefit to me, my family members and my friends, and that I have no + desire to facilitate harmful behaviour on these services, a law + forcing me to shut these services down benefits no one. - Similarly, a regulation that demands responses from services on - the assumption that the service will be manned at all times, - requires individuals who are self-hosting their services to be - available at all times (i.e. to be able to respond regardless of - whether they are asleep, or overseas on a family holiday, etc.) + Similarly, a regulation that demands responses from services on the + assumption that the service will be manned at all times, requires + individuals who are self-hosting their services to be available at + all times (i.e. to be able to respond regardless of whether they + are asleep, or overseas on a family holiday, too ill to respond, + etc.) - This submission comes from this perspective: that small operators - should not be unduly harmed by regulations; the likelihood of this - harm coming to pass is greater when such small operators are not - even considered during the development of the regulations. If the - regulations have the (hopefully unintended) effect of harming such - small operators, the result will not just be the loss of these - services, but also the loss of opportunity to make the Web richer - by means of the imposition of artificial barriers to entry. Such - regulations will inhibit the development of ideas that pop into - the heads of individuals, who will realise them with nothing more - than a computer connected to the internet. + This submission comes from this perspective: that small operators + should not be unduly harmed by regulations; the likelihood of this + harm coming to pass is greater when such small operators are not + even considered during the development of the regulations. If + regulations have the effect[fn:unintended:unintended, one hopes] of + harming such small operators, the result will not just be the loss + of these services, but also the loss of opportunity to make the Web + richer by means of the imposition of artificial barriers to + entry. Such regulations will inhibit the development of ideas that + pop into the heads of individuals, who will realise them with + nothing more than a computer connected to the internet. -** CONSTODO Abuse +* CONSTODO Abuse - All systems that seek to protect people from harmful or other - objectionable material (e.g. copyright infringement, terrorism - propaganda, etc.) have, to date, been amenable to abuse. For - example, in a recent court filing, Google claimed that 99.97% of - infringement notices it received in from a single party in January - 2017 were - bogus[fn:googleTakedown:https://www.techdirt.com/articles/20170223/06160336772/google-report-9995-percent-dmca-takedown-notices-are-bot-generated-bullshit-buckshot.shtml]: + All systems that seek to protect people from harmful or other + objectionable material (e.g. copyright infringement, terrorism + propaganda, etc.) have, to date, been amenable to abuse. For + example, in a recent court filing, Google claimed that 99.97% of + infringement notices it received in from a single party in January + 2017 were + bogus[fn:googleTakedown:https://www.techdirt.com/articles/20170223/06160336772/google-report-9995-percent-dmca-takedown-notices-are-bot-generated-bullshit-buckshot.shtml]: - #+BEGIN_QUOTE - A significant portion of the recent increases in DMCA submission - volumes for Google Search stem from notices that appear to be - duplicative, unnecessary, or mistaken. As we explained at the San - Francisco Roundtable, a substantial number of takedown requests - submitted to Google are for URLs that have never been in our search - index, and therefore could never have appeared in our search - results. For example, in January 2017, the most prolific submitter - submitted notices that Google honored for 16,457,433 URLs. But on - further inspection, 16,450,129 (99.97%) of those URLs were not in - our search index in the first place. Nor is this problem limited to - one submitter: in total, 99.95% of all URLs processed from our - Trusted Copyright Removal Program in January 2017 were not in our - index. - #+END_QUOTE + #+BEGIN_QUOTE + A significant portion of the recent increases in DMCA submission + volumes for Google Search stem from notices that appear to be + duplicative, unnecessary, or mistaken. As we explained at the San + Francisco Roundtable, a substantial number of takedown requests + submitted to Google are for URLs that have never been in our search + index, and therefore could never have appeared in our search + results. For example, in January 2017, the most prolific submitter + submitted notices that Google honored for 16,457,433 URLs. But on + further inspection, 16,450,129 (99.97%) of those URLs were not in + our search index in the first place. Nor is this problem limited to + one submitter: in total, 99.95% of all URLs processed from our + Trusted Copyright Removal Program in January 2017 were not in our + index. + #+END_QUOTE - Aside from the percentage of URLs noted that don't exist in - Google's index, that a single entity would submit more than 16 - million URLs for delisting in a single month is staggering, and - demonstrates a compelling point: there is no downside for a - bad-faith actor seeking to take advantage of a system for - suppressing information[fn:downside:The law being used in this - specific case is the US Digital Millennium Copyright Act. It - contains a provision that claims of copyright ownership on the part - of the claimant are to be made under penalty of perjury. However, - that provision is very weak, and seems not to be a deterrent for a - determined agent: - https://torrentfreak.com/warner-bros-our-false-dmca-takedowns-are-not-a-crime-131115]. + Aside from the percentage of URLs noted that don't exist in + Google's index, that a single entity would submit more than 16 + million URLs for delisting in a single month is staggering, and + demonstrates a compelling point: there is no downside for a + bad-faith actor seeking to take advantage of a system for + suppressing information[fn:downside:The law being used in this + specific case is the US Digital Millennium Copyright Act. It + contains a provision that claims of copyright ownership on the part + of the claimant are to be made under penalty of perjury. However, + that provision is very weak, and seems not to be a deterrent for a + determined agent: + https://torrentfreak.com/warner-bros-our-false-dmca-takedowns-are-not-a-crime-131115]. - More recently, there is the story of abuse of the GDPR's /Right to - be Forgotten/. An individual from Europe made a claim in 2014, - under the original /Right to be Forgotten/, to have stories related - to him excluded from Google searches for him. This seemed to have - been an acceptable usage under those rules. However, that this - claim was made and processed seems also to be a matter of public - interest, and some stories were written in the online press - regarding it. Subsequently, the same individual used the /Right to - be Forgotten/ to have *these* stories excluded from Google - searches. + More recently, there is the story of abuse of the GDPR's /Right to + be Forgotten/. An individual from Europe made a claim in 2014, + under the original /Right to be Forgotten/, to have stories related + to him excluded from Google searches for him. This seemed to have + been an acceptable usage under those rules. However, that this + claim was made and processed seems also to be a matter of public + interest, and some stories were written in the online press + regarding it. Subsequently, the same individual used the /Right to + be Forgotten/ to have *these* stories excluded from Google + searches. - This cat-and-mouse game continues to the extent that the individual - is (successfully) requiring Google to remove stories *about his - use* of the GDPR's /Right to be Forgotten/. Even stories that cover - *only* his /Right to be Forgotten/ claims, making no reference at - all to the original (objected-to) - story[fn:RTBF:https://www.techdirt.com/articles/20190320/09481541833]. This - is clearly an abuse of the law: Google risks serious sanction from - data protection authorities if it decides to invoke the - "... exercising the right of freedom of expression and information" - exception[fn:FoE_GPDR:GDPR, Article 17, paragraph 3(a)] and it is - determined that the exception didn't apply. However, the claimant - suffers no sanction if it is determined that the exception /does/ - apply. + This cat-and-mouse game continues to the extent that the individual + is (successfully) requiring Google to remove stories *about his + use* of the GDPR's /Right to be Forgotten/. Even stories that cover + *only* his /Right to be Forgotten/ claims, making no reference at + all to the original (objected-to) + story[fn:RTBF:https://www.techdirt.com/articles/20190320/09481541833]. This + is clearly an abuse of the law: Google risks serious sanction from + data protection authorities if it decides to invoke the + "... exercising the right of freedom of expression and information" + exception[fn:FoE_GPDR:GDPR, Article 17, paragraph 3(a)] and it is + determined that the exception didn't apply. However, the claimant + suffers no sanction if it is determined that the exception /does/ + apply. - In systems that facilitate censorship[fn:censorship:While seeking - to achieve a valuable and socially important goal, this - legislation, and all others of its nature, facilitates censorship: - as a society, we should not be so squeamish about admitting this.], - it is important to do more than merely assert that service - providers should protect fundamental rights for expression and - information. In a regime where sending an e-mail costs nearly - nothing, where a service risks serious penalties (up to and - including having to shutdown) and where a claimant suffers nothing - for abusive claims, the regime is guaranteed to be abused. + In systems that facilitate censorship[fn:censorship:While seeking + to achieve a valuable and socially important goal, this + legislation, and all others of its nature, facilitates censorship: + as a society, we should not be so squeamish about admitting this.], + it is important to do more than merely assert that service + providers should protect fundamental rights for expression and + information. In a regime where sending an e-mail costs nearly + nothing, where a service risks serious penalties (up to and + including having to shutdown) and where a claimant suffers nothing + for abusive claims, the regime is guaranteed to be abused. -** CONSTODO Harmful content definition +* CONSTODO Harmful content definition - This submission will not offer any suggestions as to what should be - considered "harmful content". However, I am of the belief that if - "harmful content" is not narrowly defined, the system will allow - bad actors to abuse it, and in the context where there is no risk - to making claims, and great risk in not taking down the reported - postings, loose definitions will only make it easier for - non-harmful content to be removed. + This submission will not offer any suggestions as to what should be + considered "harmful content". However, I am of the belief that if + "harmful content" is not narrowly defined, the system will allow + bad actors to abuse it, and in the context where there is no risk + to making claims, and great risk in not taking down the reported + postings, loose definitions will only make it easier for + non-harmful content to be removed. * CONSTODO Answers to consultation questions ** CONSTODO Strand 1 -- National Legislative Proposal