Right. Ofcom's next online session is about "low risk" services.
I'll be tooting my thoughts in this thread.
Feel free to mute if you wish :)
#OnlineSafetyAct
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
"We haven't done a great deal of work about decentralised services in detail".
We can't give you a specific answer to who the provider might be.
(I fear "we can't help with that" will be a common theme.)
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
Nope. Skipped over that.
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
An excellent question from @cyberleagle, which Ofcom's webinar system has mangled badly:
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
Ofcom is using an example of a "small gaming service" with "around 15,000 monthly UK users".
I wonder if Ofcom recognises that many of the people worrying about the OSA are talking about services with 0.1% of that userbase?!
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
Even if low risk, you must have:
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
I'll try to find some spare time to write some template "not legal advice" terms and conditions, and complaints-related information.
Although, honestly, goodness knows how that applies in the context of, say,
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
Questions!
"We probably can't give a definitive answer..."
What about services which are new, so have no evidence base?
Answer: you're right, we can't give a definitive answer...
sigh
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
Oooh!
I think Ofcom has just said that single-user Mastodon instances are out of scope.
They read out my question, and said that.
But I fear that they have said that without knowing what the service is...
Even so, I'll be looking for that part of the recording :)
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
Question: is a complaints contact email address sufficient?
Answer: "there is a lot of flexibility, and what is "easy to use" will look different for different services"
Ofcom thinks that they've said somewhere that a contact email address might be sufficient.
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
They attempted to answer @cyberleagle's question about the meaning of "illegal harm", and I'm not sure if they answered it or not...
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
And potentially the kind of content that would be regulated by Part 5.
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
We've reached the end of the session and there are loads of questions which have not been answered.
I don't want to be unnecessarily mean, but looking at what those questions are, one can't help but wonder if Ofcom picked off the easy, convenient ones, not the detailed, difficult ones (e.g. "what is email").
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil How would they do spot checks? Which is to say, do they have a list of services that are in scope? If not, are they planning to compile one? One thing I don't recall seeing anywhere is any obligation to register with Ofcom or similar.
=> More informations about this toot | More toots from JubalBarca@scholar.social
@JubalBarca @neil the act has some wording about user-to-user and search services registering with Ofcom over some kinda fee structure, although I did speed read so I have missed out some detail
=> More informations about this toot | More toots from shidokidoki@comicscamp.club
Next (for me) is the porn session.
My questions:
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil
Being naked in public in England isn't an offence. Why would being naked online in England be an offence? You'd have to geoblock Scotland though.
=> More informations about this toot | More toots from geoffl@mastodon.me.uk
@geoffl
I presume that that's a rhetorical question?
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil does number 3 mean that woof.group will only allow nudity in .GIF format going forward? 😂
=> More informations about this toot | More toots from Reemt@woof.group
@neil Hmm, what would Ofcom accept as evidence that harm is not occurring then? 🤔
#osa #OnlineSafetyAct
=> More informations about this toot | More toots from CGM@mastodon.scot
@neil After attending that session, I certainly know I have a lot of known unknowns...
=> More informations about this toot | More toots from ghawkins@mastodon.garyhawkins.uk
@neil Hmm. On one hand, I've asserted many times that "absence of evidence is not evidence of absence."
On the other hand, this sounds worryingly like a pre-emptive assumption of guilt.
=> More informations about this toot | More toots from KatS@chaosfem.tw
@KatS As a statement, I'm not sure I fundamentally disagree with it.
What I would really have welcomed was a follow-up to address the genuine, valid question of "well then, what should a nascent service use as evidence?"!
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil So how are you meant to know? Schrodinger's harm?
=> More informations about this toot | More toots from annehargreaves@ioc.exchange
@neil oh well, as long as they probably won't fine me £18m for failing to navigate their illegible guidance, that's ok then.
=> More informations about this toot | More toots from ahnlak@kavlak.uk
@neil Does that paperwork have to be in English? It looks like having a set of policies in Welsh ought to be just fine and ensure they get tied in knots if they try to be silly, just like with tax inspections.
=> More informations about this toot | More toots from etchedpixels@mastodon.social
@etchedpixels @neil presumably providing such policies exclusively in Welsh would be a strong indicator that the "target market" wasn't the whole of the UK, and therefore take yourself out of scope? 🏴
=> More informations about this toot | More toots from ahnlak@kavlak.uk
@ahnlak @neil Now that's a thought. I wonder what services you could include that would mean your website wasn't suitable for the EU market and therefore Northern Ireland 8)
=> More informations about this toot | More toots from etchedpixels@mastodon.social
@etchedpixels
If you can do that without it being in English, then that should be compliant.
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil Maybe there's an argument here that the Act is concerned specifically with unitary service providers, and so "users" have to be understood as partitioned between instances, rather than existing across multiple services? I have no idea how to read that statement other than "they did not understand the question".
=> More informations about this toot | More toots from aphyr@woof.group
@aphyr
Even then though it doesn't take into account people accessing via the web interface, not from a federated instance.
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil If you never manage to get a copy of the recording, I also witnessed them say that on the live stream, having read out your question. And would be happy to provide a witness statement.
=> More informations about this toot | More toots from bloor@bloor.tw
@bloor Thank you!
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil Did you… did you just engineer a waiver of the OSA specifically for your single-user Fedi instance??!
I’m in awe.
@bloor
=> More informations about this toot | More toots from slothrop@chaos.social
@neil Ah, but is it single user according to their definitions? I thought you were saying users included anyone viewing it, no? You might be the only admin user, and the only user with a local account, but I think we are all users of your Mastodon instance according to this ridiculous law aren't we?
=> More informations about this toot | More toots from dentangle@chaos.social
@dentangle My question was
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil@mastodon.neilzone.co.uk @dentangle@chaos.social What's the betting they didn't consider federated content arriving on your server from the outside world, and assessed it as if it was your personal blog where the only content was what you yourself had authored?
=> More informations about this toot | More toots from nowster@fedi.nowster.me.uk
@neil 'I have evidence you said it was ok' is quite a mitigation, I would say :-D
=> More informations about this toot | More toots from galooph@masto.galooph.com
@neil well that would be good… cynically, you’re probably right….
=> More informations about this toot | More toots from julian@social.synesthesia.co.uk
@neil In my instance, being one of several co-owners/admins of a forum, could I nominate one of the US based admins as the accountable individual, as not being resident in the UK, are less likely to be at risk? Not that I would, but I could see people giving it a try!
=> More informations about this toot | More toots from galooph@masto.galooph.com
@neil this is the exact position I’m in for the football fan forum I run. I’ve signed up for a seminar by someone called “Promising Trouble” but I guess it’s not an official Ofcom one…?!?
=> More informations about this toot | More toots from Stubbs@mastodon.me.uk
@neil I've decided to "go for it", and see what happens:
https://forum.cyclinguk.org/viewtopic.php?t=164004
=> More informations about this toot | More toots from Fonant@vivaldi.net
@Fonant Nicely done!
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil But is it enough?
Only one way to find out - fight!
=> More informations about this toot | More toots from Fonant@vivaldi.net
@Fonant
You've shown willingness.
It is, as far as I can tell, genuinely a negligible / low risk site.
You've been transparent about your thinking.
You're going to review your terms, and complaints policy, to check they comply with the OSA.
It's honestly hard to see what more Ofcom might require.
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil @Fonant whilst you've absolutely gone 'above and beyond' (IMHO) I just wanted to say (and Neil can say if I'm wrong) that you cannot say that children don't access your site unless you have age verification.
(All this means AIUI is that you now must do the child risk assessment?)
=> More informations about this toot | More toots from networkstring@ablative.stream
@networkstring @neil "Accessing a service" explicitly includes all site visits, it doesn't mean just users who have logged in. It's impossible to know which GET requests to the server were initiated by children, so the best I can do is guess. As noted in my Child Access Assessment.
=> More informations about this toot | More toots from Fonant@vivaldi.net
@Fonant @neil Not wishing to derail the previous conversation with a tangent but AIUI if one were a Part5 service (or had otherwise decided that children were at high risk) then my understanding is that the expectation is that you must treat HTTP verb without an "Age Verified" flag (cookie/whatever) as a child.
=> More informations about this toot | More toots from networkstring@ablative.stream
@networkstring @Fonant
AIUI:
Part 3: Ofcom's stance seems to be that, if a service "allows" pornography, it is attractive to children, and so the "child user condition" will be met. If so, this would force the site to do a child risk assessment.
Ofcom suggested prohibiting porn in terms, and removing porn promptly upon becoming aware, so that the site can say it does not allow porn.
Part 5: this is sites on which the site provider is putting porn. Ofcom's view is that the provider must implement highly-effective age assurance in respect of all traffic (from the UK?).
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@networkstring @Fonant
I think that Anthony's got it right.
s11 - the duty to do a children's risk assessment - applies only to
Chapter 4 sets out when a service is "likely to be accessed by children".
https://www.legislation.gov.uk/ukpga/2023/50/part/3/chapter/4
It requires a provider to do a "children's access assessment".
If the site has highly-effective age assurance, then the provider may conclude that the site cannot be accessed by children.
If the site can be accessed by children (as Anthony acknowledges), the question is whether it is "likely" to be accessed by children.
That's the second limb of the children's access assessment, the "child user condition".
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil @networkstring That's my understanding.
Since Ofcom, and the law, don't provide absolute definitions, the only entity who can make this assessment is the nominated person responsible. Which for this forum is me.
I asked what happens if someone else disagrees with my assessment at the Ofcom presentation. Would Ofcom arbitrate? They mumbled about the online service's complaints procedure, which I took to mean "no".
If I'm the named person responsible for the risk assessments, I get to have the final say. I think...
=> More informations about this toot | More toots from Fonant@vivaldi.net
@neil I've decided that our Terms are easy to understand (no questions received about them) and our complaints procedure ("contact us" form, "report this post") is easy to access.
That's only my personal opinion, as is the risk assessment, but I'm the named person responsible. That satisfies the Act and Ofcom's guidance, as far as I can tell.
I'm very lucky in that the forum has been effectively moderated by a few volunteers for years now. Without their support I would have had to shut the Forum down at the end of March.
=> More informations about this toot | More toots from Fonant@vivaldi.net
@Fonant If you were minded to do so, it might be worth updating your record to show that you reviewed the terms, and the complaints policy, against the OSA, and validated that, in your opinion, they were compliant, rather than just referencing the 2017 implementation date.
Again, more a question of "showing your working" than anything else, and limiting the scope for argument on that point?
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@neil I sort-of want an argument, or better, a discussion: ideally with Ofcom. I'd like to find out what the minimum amount of work is needed to comply with the new OSA.
The Forum is NOT a cause of online harm, or harm to children. Neither are millions of other small, well-run online forums. They should not be burdened with legal duties any more than necessary.
=> More informations about this toot | More toots from Fonant@vivaldi.net
@Fonant @neil if I were minded to comply then what you've done (and Neil's stellar work at onlinesafetyact.co.uk) seems to be a good bar?
I have a suspicion that they are expecting more (in terms of moderation, abuse reporting, appeals, 'governance' etc) but that's just because I'm a cynic.
=> More informations about this toot | More toots from networkstring@ablative.stream
@networkstring @Fonant @neil Ofcom see everyone as large companies running social media sites, because the legislation does.. they seem unable to break out of that world and realize millions of volunteers are being burdened with something that has little to do with them.
=> More informations about this toot | More toots from tony@hoyle.me.uk
@tony @networkstring @Fonant @neil It's like the DVLA describing themselves as the regulator of the driving industry and insisting that every driver carries out regular risk assessments of their driving and submits them to their senior governing committee. Everyone would immediately see that they'd lost the plot. The only reason Ofcom aren't getting more widely ridiculed is that they are regulating a more niche activity, not that they're being any less ridiculous.
=> More informations about this toot | More toots from plock@mas.to
@plock @neil @Fonant @tony funny you mention driving licenses; it wasn't too long ago that the "think of the children" pearl clutchers had latched onto the idea of "identity stained IP headers".
https://johncarr.blog/2017/08/11/more-on-moderation-and-car-number-plates/
And the wife of the author of that blog is in the House of Lords...
=> More informations about this toot | More toots from networkstring@ablative.stream
@networkstring @plock @neil @tony That "number plate" idea is bonkers.
Car numberplates don't identify people, they identify cars. And not reliably either, they're very easily faked.
There are many difficulties, and problems, with trying to identify people reliably and uniquely on a global basis. Fingerprints and even DNA are not unique enough. Facial recognition is fraught with unreliability.
Numbers tattooed on our forearms? Embedded RFID chips?
Who controls the global database? Who trusts the data is accurate and up-to-date?
=> More informations about this toot | More toots from Fonant@vivaldi.net
@Fonant @plock @neil @tony of course it's bonkers. As are most of the "we must destroy the Internet to save the children" ideas that float around certain policy circles.
No amount of collateral damage is too much to save the children.
And of course, said children will be sooo grateful for the Internet they'll inherit as a result...
=> More informations about this toot | More toots from networkstring@ablative.stream
@networkstring @Fonant @plock @tony
I remember that gem:
https://neilzone.co.uk/2021/11/what-if-you-could-only-speak-online-if-you-had-a-car-number-plate-quick-comments-on-yet-another-weird-internet-surveillance-proposal/
=> More informations about this toot | More toots from neil@mastodon.neilzone.co.uk
@Fonant @neil How long did it take you to do that?
=> More informations about this toot | More toots from derickr@phpc.social
@derickr @neil Perhaps a day's work of typing, three afternoons of watching Ofcom presentations and failing to get useful answers, hours and hours of reading and thinking.
=> More informations about this toot | More toots from Fonant@vivaldi.net