Home server, or homework? Minecraft or mine field? The draft Online Safety Bill would restrict net neutrality to the well-lawyered

A regular refrain of Internet governance is something akin to:

If you regulate online services as if they are all Facebook, all you will end up with is Facebook.

The message is a simple one.

If you impose a regulatory model which treats the plethora of people which are connected to the Internet as if they were all of the size of Facebook and with the same resources (financial and legal, although the latter is probably a derivation of the former), you're going to crush pretty much everything which is not Facebook.

Myriad business, hobbyists, and groups of friends, squashed and buried under the weight of regulatory red tape.

We have, in the UK, the notion of an "open Internet". We have a body of rules, overseen by Ofcom, which governs the European flavour of net neutrality.

Under the rule entitled "Safeguarding of open internet access", anyone can connect their chosen terminal equipment and servers to their Internet connection, without fear of undue interference by their Internet access provider.

You may find that your consumer Internet access tariff does not make it easy from a technical point of view (e.g. lack of a block of IPv4 addressing, lack of IPv6, CG-NAT, and so on), but, if you want to run your own Minecraft server, or email or matrix or xmpp server, or host your own website, or whatever it might be, your access provider should not prevent you from doing so, legally or by doing "stuff" within its network.

But while the UK dangles the carrot of an "open Internet" with the one hand, with the other, it is trying to impose a complex and burdensome set of rules on the operators of Internet-based communications services.

I have written before about the impact the current draft bill would likely have on the development of Free and open source software but, today, as I double-checked the status of some of the numerous servers I run from home, it hit me that there will be many, many people - hobbyists, club members, groups of friends - who will find the draft Online Safety Bill features in their private lives, unless the current approach is amended significantly.

For example:

  • The Minecraft server you run from your home in the UK, to play with your friends? A regulated, non-exempt, user-to-user service.

  • That jitsi instance you span up on a Raspberry Pi, to have virtual quizzes with your family over yet another constrained Christmas? A regulated, non-exempt, user-to-user service.

  • The email server you run, to learn how to secure email services, or just to break away from Gmail? Well, that's exempt (on the basis of the current draft), but you'd have to have read 131 pages of legislation to get to the exemption in paragraph 1 of Schedule 1 to the draft bill.

The Joint Committee on the Draft Online Safety Bill's report recognises the massive over-reach, saying at paragraph 246:

We recommend that the categorisation of services in the draft Bill be overhauled. It should adopt a more nuanced approach, based not just on size and high-level functionality, but factors such as risk, reach, user base, safety performance, and business model. The draft Bill already has a mechanism to do this: the risk profiles that Ofcom is required to draw up. We make recommendations in Chapter 8 about how the role of the risk profiles could be enhanced. We recommend that the risk profiles replace the “categories” in the Bill as the main way to determine the statutory requirements that will fall on different online services. This will ensure that small, but high risk, services are appropriately regulated; whilst guaranteeing that low risk services, large or small, are not subject to unnecessary regulatory requirements.

That guarantee would be very welcome, although I am - cynical me - noting that it is not a guarantee of freedom from regulatory requirements, but only from "unnecessary" ones. I wonder how many burdensome regulatory camels some might try to thread through the eye of the needle of purported necessity. So to speak.

The notion of an "open Internet" will become little more than a fig leaf if it is only available to the well-lawyered, or to those capable of navigating 140ish pages of law to decide if they are in scope at all and, if so, what they have to do, before they can chat online with their friends in their own, self-controlled and hosted, environments.

There is, I should have thought, an obvious case for revising the draft bill's scope, to ensure that hobbyists, home users, and other tinkerers, are firmly - and very clearly, on the face of the early pages of the legislation - out of scope by default.


Author: neil

I'm Neil. By day, I run a law firm, decoded.legal, giving advice on Internet, telecoms, and tech law. This is my personal blog, so will be mostly about tech stuff, cycling, and other hobbies.

You can find me (and follow me) on Mastodon and Twitter.