Alec Muffett spotted the latest in a long line of proposals for the regulation of the web which can most charitably be described as “weird and confused”.
Today’s contender is here (Google Drive link).
The bit which caught Alec’s eye, and mine, is this:
If I want to log on as “Zapata” and discuss some of my (sadly non-existent) unusual hobbies or preoccupations, but without all my neighbours, employers or anyone else knowing, I should be able to do that.
But I should also know that if I cross a line, certainly in relation to the criminal law, I can be rapidly, inexpensively and accurately identified. Car number plates are the best analogy. The fact of their existence without doubt modifies the behaviour of a great many, not all, drivers, therefore unquestionably it helps create a better and safer driving experience for every road user. Note, the car registration system is a global one.
In the UK there should be a legal obligation for a trusted DVLA-type agency to acquire, keep and hand over identification data upon receipt of a lawfully executed request. Perhaps, as with driving offences, certain classes of offences could be dealt with administratively but with additional penalties attaching if a certain number are recorded. As with motor vehicles the entire system would be governed by law and the courts, only progressing to the higher courts where there is a dispute, or the allegations are of a more serious nature.
Establishing a system such as this would, very obviously, be a mammoth undertaking particularly as we sought to get other countries to join in, but we have to start somewhere.
My proposal for “starting somewhere” is perhaps by thinking this idea through a little more carefully.
The proposal is inconsistent with fundamental human rights
Article 10 ECHR says:
Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.
Note, it does not say anything about a right to receive and impart information only if signed up to a government database, and if they do so in a licensed manner.
I can’t see how the proposal could be made consistent with this fundamental right.
Update: Graham Smith has prepared a good thread of other things that Article 10 ECHR / Article 19 UDHR does not say.
The National Licensed Pseudonymity Database: registration of every service, and every user
The proposal would require something approach a National Licensed Pseudonymity Database: a place which stores every Internet user’s name and contact details, and keeps a record of every pseudonym they use online.
Seriously. That’s the proposal.
A whistleblower? Only if you first create a government identity, and link your online speech to that.
A domestic violence victim? Better hope that your abuser doesn’t have access to that database?
A massive, global, licensed-to-speak, database. What could possibly go wrong with that?
But it would just be every speaker who needs to be licensed.
Presumably sites would need to query that database, to check that the would-be user has the right to speak (i.e. that their pseudonym has been recorded), or else to permit the user to log in.
An API key, for each site, to enable their users to log in or to verify their identity? That sounds a lot like a requirement of registration for every online service, by the back door.
Who is going to build the API to query every single country’s National Licensed Pseudonymity Database, to check someone is licensed before letting them speak online?
For the proposal to work, before someone can speak online, they’d need to demonstrate that they had the right to do so.
I think the proposal confuses car number plates with each individual’s driving licence, but ho hum: either way, the service would need to have a means to verify that the person who wants to speak is officially permitted to do so.
They’d need to query the National Licensed Pseudonymity Database, and check that that user was licensed, or else permit a user to log in and verify their right to speak.
Who is going to build the infrastructure for this? Who gets to design, deploy, operate, and secure what would be perhaps the biggest piece of critical
national global infrastructure? The system which, if it were compromised or taken down, would stop speech online?
Car number plates do not stop car-related crime
Vehicle-related crime, and car-related anti-social behaviour, are incredibly common.
Car numbers plates have not stopped it.
Why not deal with obviously-identified speech first?
Unsurprisingly, the proposal address pseudonymous online speech, and ignores all those who post under their own name.
If the system - whatever that is - cannot deal with people who post content under their own names, with their identities clearly visible, why are we not focussing on that first?
We spend a fortune policing the roads - it’s not imposed as a responsibility on car manufacturers
The public pays, via taxation, a fortune for policing the roads. We have public-funded camera systems, and a public-funded police force, driving public-funded police vehicles.
We haven’t said that anti-social or criminal driving is down to those who poured the tarmac, or manufactured the cars, and attempted to make them legally responsible for the actions of drivers.
(And, despite the fortune we spend, car crime remains common.)
Children under 16 are not permitted to drive on public roads
Much of the advocacy for greater online surveillance is wrapped in “think of the children” paper. (“But what about terrorists” is the other common wrapping paper.)
But, if car number plates are the best analogy available, there’s a problem: children under 16 are not permitted to drive on public roads.
If online services are “public places”, following the number plates analogy through, while adults may be required to connect via registration-bearing computers, are children to be excluded? (Indeed, do they commit a criminal offence if they attempt to go online, because they’re not licensed?)
Car number plates relate to the vehicle and not the driver. Identifying a driver requires extra information
Is the proposal to make computer owners responsible for handing over information about the actual user?
Or is it to impose liability on the owner for the actions of the user?
Or, being somewhat cynical, is the proposal using the analogy of the registration of a vehicle, but, in fact, refers to the registration of a user, which is a rather different thing.