[Back to Computing and IT]
Introduction
This is a brief set of notes following a discussion in November 2024.
In recent years, increasingly large areas of our lives depend upon the Internet - either in part, or entirely. It seems inevitable that this trend will continue. Governments and businesses are providing services through the Internet, and offline alternatives are hard to find; sometimes, the only 'alternative' on offer is to visit a local library and use the Internet connection there.
Once you start to use the Internet, you are vulnerable to various forms of online harm. Any response to this will inevitably result in an arms race: you take some measure to counter the harm, and the other side finds ways around the measure. There is no end point to this process, as technology and social pressures continue to develop, but there can be points of relative stability, where the cost of security essentially balances the cost of the harm being prevented.
The Main Issues
The details we talk about here are likely to become dated in a few years - maybe less - but maybe the principles involved will last a bit longer. What do we need to do, and how should we do it? There seems to be three main, overlapping, areas of concern.
Online anonymity. There are many reasons why people want to prevent online anonymity - to stop children accessing inappropriate material, or paedophiles connecting with children, or criminals selling stolen goods, for example. But there are also good reasons to protect it - to prevent persecution of minorities and political dissidents, for example. So is online anonymity an important freedom, or a foolish open door for criminals?
Personal data. The companies we deal with online collect our personal data - sometimes for necessary business reasons, sometimes to improve the services they provide and target the services they offer, and sometimes in order to sell it. Sometimes, our personal data can be worth more than the business which generated it. In theory, in the UK, we control our personal data, but in practice the large companies do what they want with it. Is there any way we can retain genuine control of our personal data?
This issue is increasingly significant as we move away from using cash and move towards electronic payments. Retailers used to be left at the end of the day with a till roll itemising the value of each sale, and money in the cash register; now, they know who bought almost every magazine, packet of cigarettes and bag of crisps. The amount of data we are generating every day has massively increased. And this is in addition to the online activity, where Google knows what you are searching for, Facebook knows what you are saying and responding to, Amazon knows what you are buying, and your ISP can track the destination of all your Internet activity unless you use something like TOR.
Child protection. The loudest voices seem to raised around the need to protect children online. Many people appear to be primarily concerned about the access children have to sexually explicit material, but it is arguable that there are more serious dangers for children - such as online bullying, predators building relationships with them by pretending to be children, and access to depressive and nihilist material promoting self harm and suicide. Because many children are effectively living online, they are subjected to these things throughout their waking hours.
The concerns expressed often focus on social media and 'adult' site providing pornographic material, but online games, especially of the world-building kind, can also provide access to an unsupervised community of players.
More generally, when children are concentrating on screens for much of the day, this reduces the amount of physical exercise they get, and it limits their experience of the real physical world. When they are living online, they will inevitably develop an unrealistic understanding of reality - both social reality (what is expected of them, what is acceptable behaviour) and the possibilities and dangers they will find in the real world.
Their easy access to pornographic material does pose a real danger to children, but the nature of that danger does not lie in the fact that they can see 'unsuitable' material: pre-pubescent children have no interest in watching adults engage in sexual activity. The real danger comes when they start to be interested in sex: the material available to them gives them a completely unrealistic set of expectations concerning human sexual activity, and the easy access they have to highly stimulating material means that they can fail to be stimulated by the more prosaic reality of their real world experience.
Proposed Solutions
Child Protection
The main demand here is for websites to implement age verification. But, as yet, there seems to be no effective way to deliver age verification. You can ask people to provide their date of birth, so they lie. You can ask people to prove their age by connecting with an external proof of identity, such as a credit card, so they borrow a credit card.
One underlying problem here is that there is no integrated way of handling online identity. When one service is used as a proof of identity to create an account or log in to another service, there should always be an acknowledgement of this event sent to the original service, so that the owner knows it has been used in this way. Good cyber security practice here may eventually be implemented, but there does not seem to be any great appetite for it as yet.
Another underlying problem is that computers are often left switched on, logged in and unattended - it can be irritating to leave your computer for two minutes to make a cup of coffee, and find you need to sign in again. This issue may be partly addressed in future by building into the hardware some version of RFID verification, so that the machine unlocks when a verified person (or someone with a verified tag...) is physically present, but again there does not appear to be any great appetite for this at present.
Parental controls have proved to be largely ineffective - partly because many children are able to navigate their way around the controls, partly because any list of sites to be blocked by the parental control software will inevitably be constantly out of date, and partly because there is no agreement on what children should have access to - or on what age you cease to be a child for this purpose.
Some of the problems caused by young people accessing online pornography results from the nature of the material, which is often immoral and unrealistic. So one way to reduce the harm is to ensure easier access to pornographic material which is moral and more realistic - which treats women respectfully, which makes their pleasure as important as male pleasure, which takes consent seriously, and shows appropriate use of condoms, for example.
Australia's Online Safety Act 2021 aims to make online service providers more accountable for the online safety of the people who use their service. It will be interesting to see if it makes any real difference, or if any services which are restricted simply spring up outside the reach of the Australian authorities.
Online anonymity
Some of the problems with online anonymity are likely to resolve themselves, as people learn to appreciate the importance of protecting their online identity. When people started to drive cars, there were no laws about what they could do, and no Highway Code, but very soon a speed limit and other rules started to appear, eventually drink driving was banned, and now most people take road safety for granted. You don't leave your laptop unattended in a public place while you are logged in to your bank account, even if you have 'friends' who will make sure nobody walks off with it.
It's difficult to create laws to control the Internet, because national laws only apply within the nation's boundaries and to its citizens. If we want to regulate the Internet, then it is hard to see how this can be done by any body other than the United Nations.
The regulations must, fundamentally, make potentially harmful material and activity only accessible to registered members, and registration must meet a certain minimum standard. Money laundering regulations ensure that I can't open a bank account without providing certain documentary evidence to verify my identity and then, when I apply to the bank for a credit card, it is posted to a physical address. Similar measures can be required for access to websites which fall within certain categories.
It would seem both unrealistic and undesirable to prevent all online anonymity: there is no good reason to track the identity of everyone browing images of pictures in the National Gallery. But the arguments about what website usage should be tracked, and the details of how it should be done, are likely to take a long time to resolve.
It is possible that the free market will play a part in resolving the difficulty here - to some extent, at least. Social media sites which allow anonymous accounts will experience the trolling and mindless cruelty which inevitably happen when people are allowed to act without personal consequence, which must offset to some extent the ease of setting up an account; social media sites which require external validation of account holder identities will experience these problems to a lesser extent. People who care about the way we interact with others will tend to migrate: you will get the sort of service you are willing to pay for - if not in money, then in the time and effort it requires to join. It's a possibility, anyway.
Personal data
For many people in the West, Internet access is functionally free: the computer, laptop or smart phone is a sunk cost, the electricity is not significant, and the cost of Internet access is part of a package providing phone, TV and various subscription services. Google, or some other large company, provides free email; many other free services are available, and while many people have heard that, "If you don't pay for the product, you are the product," the trade often seems a fair one.
So we don't value our personal data. Each individual piece of information is worthless, but when the pieces are put together there is real commercial value - and, increasingly, political value, as political parties and pressure groups find themselves able to target specific groups with specific messages.
Targetted or personalised marketing seems like a good thing when a shop is trying to sell their products - why not display adverts for things I might be interested in buying? I might spot a bargain. But when it comes to political choices, targetted marketing is dangerously close to electoral fraud. If you are worried about crime, I can tell you about our commitment to law and order; if you are worried about the cost of living, I can tell you about our commitment to reduce government spending; if you are worried about immigrants filling up accommodation which is needed by local people, I can tell you about our commitment to strengthen our borders; if you are worried about the NHS and the care sector not being able to find workers to fill the job vacancies, I can tell you about our commitment to make it easier for skilled people to fill those gaps. I can tell everybody what they want to hear, and don't have to tell anyone how we will reconcile all these conflicting policies. These social media posts are not official policy, so there is a powerful message with no real commitment; the manifesto can be a bland statement of generalities, and nobody reads it anyway.
And this is how legitimate political groups can use social media; 'bad actors' can use personal data in a similar way to deliberately spread fear and lies, reducing public trust in the institutions we all depend upon.
Possibly an even larger danger comes with the increasing ability of governments and powerful companies to use the information they hold about us, in order to control us or make us more likely to do what they want. Knowledge is power and, in this area, the power all seems to be in the hands of the big players. The largest and most powerful companies in the world today produce software accessing the Internet, which itself should be a worrying observation. We have some measure of safety at present, because these companies are competing with each other, but what will happen if they decide to merge or cooperate? National anti-monopoly legislation might be able to limit actual mergers, but if they choose to cooperate behind the scenes, who will be able to control them?
(A short Facebook video nicely illustrates one of the concerns many people have about powerful companies with access to our data. It's presented as a joke, but it's not actually funny.)
The only protection we have against the domination of these companies is open source - both software and hardware - as promoted by groups such as the Open Group (previously the Open Software Foundation) and the Free Software Foundation. Transparency gives us real choice, and open source products are generally more responsible in giving you power over your data - in part, for ideological reasons, and in part because they cannot hide what data they are collecting.
Comments