Gigging UK tech policy wonk for hire + MSc student
@lawstrath
+ author, Understanding Privacy + 2022 Internet Society Mid-Career Fellow. Personal tweets. IANAL.
I say this as half a joke, half not: at some point you’ll be better off using a 15 year old laptop with 15 year old software, not connected to the internet, not updated, and not snitching on you to 1200 adtech partners via legitimate interest while scanning your content with AI.
Here it is. If you are a professional, if you are under NDA with your clients, if you are a creative, a lawyer, a doctor or anyone who works with proprietary files - it is time to cancel Adobe, delete all the apps and programs. Adobe can not be trusted.
This is a thread for those of you who say coders and developers should take no role in politics. Those of you who watched my #WCLDN talk last year already heard this story. You can hear it again.
This was Rene Carmille, and that is a punch card.
See that table on the left? That's catering. Some low-paid workers had to prepare that food and arrange those dishes and set up the trays and burners and then go back later to clean it all up, booze and pathogens and all, and then they couldn't see their families.
EXCLUSIVE: Extraordinary image of raucous Christmas party thrown by Tory aides at party HQ during coronavirus restrictions last year.
Party hats, drinks, an entire buffet - while we were all banned from meeting just one other person socially indoors.
My teenager has shared her cohort’s reaction to the national service plan, on the app they also want to ban, on the smartphone they also want to ban. That’s three layers of teenage sarcasm primed and ready to launch at the Tories, folks.
"Dorries arrived at a meeting with software giant Microsoft and immediately asked when they were going to get rid of algorithms, according to an official given an account of the meeting."
Nadine Dorries will publish Britain’s online safety bill tomorrow. I have spoken to a lot of people over the last few months about her approach to the flagship legislation, which she has made her personal mission.
As is his legacy. In the Netherlands, 73% of Dutch Jews were found, deported, and executed. In France, that figure was 25%. It was that much lower because they couldn't find them.
They couldn't find them because Rene Carmille and his team got political and hacked the data.
I regret to inform you that Labour are also going all in against VPNs, because (as they say) 16 year olds will use them to bypass the Bill's UK-wide age verification walls.
I'm just the live tweeter here folks.
#OnlineSafetyBill
The above tweet is dedicated to everyone I have ever mentored out of crippling impostor syndrome, and to everyone whose hands I have ever held while they vented their feelings over not being good enough.
You got this.
Then he and his team engaged in - if not invented - ethical hacking. They physically hacked their IBM punch card machines so that nothing could be entered into column 11: religion. That data, for those thousands of people, was missing.
Phenomenal. Google is introducing a tool for under-18s to request the removal of images of themselves from search results, in a rightful f-you to their oversharing parents and grandparents. And I hope they are ruthless with it. ✊
That's great up to the point that everyone recalls that banners aren't GDPR at all, & that the rightful hatred of those banners under a completely separate law is being used as leverage to scrap your basic rights over the collection, use, and sale of your personal data in GDPR.
Oliver Dowden, the UK Minister for Digital, Culture, Media and Sport, says that the UK will break away from GDPR, and will no longer require cookie warnings, other than those posing a 'high risk'.
On #HolocaustMemorialDay, as the people in the data we collect and store and share face threats we never thought we would see again, you need to be prepared to go that far when the day comes when it is you handling the data.
You can, and you will.
Um, yes, that's exactly how trade deals work. For the 1,000th time: the UK cannot have a data adequacy agreement until it is a third country outside the EU, not before; and because of surveillance & human rights issues there's no way in hell we'll get one.
@stephemcneal
@JamieJBartlett
this is the classic pathology of Narcissistic Parenting Disorder: she's actually threatening him with her eventual rejection of him - which is well underway - for failing to perform his special skill on her behalf. It existed long before Instagram.
This paper suggests that the introduction of the GDPR led to a halving in the rate of new app entry on the Google Play Store. Seems like a massive drag on innovation.
He and his team were caught, and interrogated, and tortured. Rene Carmille died at Dachau. I have been there. There is a smell of burning flesh in the air. It is still there.
In the background, he sifted through the data to find recruits for the French Resistance. He and his team went further than that. They did things like leave boxes of census records - thousands of people's data - in a back room, unprocessed.
Rene Carmille was the comptroller general of the French army. He eventually headed up the French census. Census data - innocuous, straightforward facts about people - was tabulated on IBM punch cards. Then the Nazis came.
Rene Carmille had all the data about all the people. He saw what the Nazis wanted to do with that data. So he made a decision about what to do with it. He did his job, externally, for the Nazis, of course.
This is huge.
Absolutely huge.
Government has conceded that the Online Safety Bill's spy clause on end-to-end encryption was built on magical thinking.
They've kicked it into the long grass.
I'm speechless.
Exclusive: the government has conceded that technology to scan encrypted messages does not currently exist and powers in the online safety bill could not be used until “technically feasible” w/ @AnnaSophieGross
Having a good day? You're not anymore, because I've just hit publish on my long-promised post explaining the compliance obligations ahead for you under the UK's Online Safety Bill. If you're not big tech, this means you.
It's 4,000 words. Grab booze.
After 7 hours, the story of today's #OnlineSafetyBill debate was @UKLabour's total collapse.
Any bad idea, they leaned into it.
Any technical illiteracy, they embraced it.
Any unworkable policy, they ran with it.
Any grandstanding, they shouted it.
No one wins from that.
Watch out for a lot of this: journalism painting the lack of an adequacy agreement as EU intransigence, when it's entirely the UK demanding the entitlement to remain a member of a club it's leaving without the club's rules applying to it.
I was looking for an old file today and came across the infamous Glasgow newspaper's telly preview of the Trump inauguration. We don't do passive aggressive here.
There are self-owns, and then there's the former champion of the Online Safety Bill "for the children" letting slip that she knew about a fellow MP in possession of CSE but decided to save it for when she had a book to sell.
Watched the whole debate and holy mother of code, @mer__edith put on a masterclass on sticking to a top line in a bad faith argument. Contrast her cool focus with her debating opponent's body language and, frankly, facial colour. Go find the whole piece - starts at 33 minutes.
"No way to create a backdoor that only the good guys can walk through."
Signal President Meredith Whittaker says the Online Safety Bill will cause "unprecedented paradigm-shifting surveillance" - in a discussion with @cathynewman and former UK Tech minister Damian Collins.
This is Number 10 advising Russian citizens to use VPNs, which of course is an endorsement for anonymity and privacy and secure encryption. If anyone needs me, I'll be rocking back and forth in a corner, along with every other very tired tech policy wonk in the UK.
Me, I miss the good old days, when all you had to do to get the software you needed for your job was select a code off a sheet of paper, in front of a van, at The Barras, give the code to a guy with an earpiece, and wait ten minutes for the guy in the van to burn your CD-Roms.
To tl;dr this breaking CJEU judgement for the non-wonks:
a) your site's FB Like buttons render you joint data controllers with FB, as you are transferring site visitors' personal data to them; therefore
b) FB pixels need prior active opt-in consent.
As long as this tweet is hopping around, sometimes I occasionally remember that I wrote a book about foundational privacy for designers and developers. It's good. You'll like it.
If only there was some sort of boat-related historical metaphor for a week where hundreds of third-class travellers sank to the bottom of the sea while the media obsessed over the fate of the millionaires travelling in first class
It's amazing how the UK normalised the artificial concept of the "property ladder" - the expectation of buying a place that doesn't meet your needs for sole purpose of selling it. I know absolutely nobody who wants to "get on the property ladder". They want a place to call home.
The theme of 2021 so far, on both sides of the Atlantic, seems to be privileged white men thinking they're entitled to instant forgiveness for the years they spent promoting division and hatred that someone fed them on a message board. They're not.
“I regret voting leave” the owner of one of Devon’s largest fish exporters said he was brainwashed by brexiteers, now his business is facing ruin because of Brexit
Three years ago today, thanks to my ex-husband, I became homeless. Yesterday I was in the BBC, Wired, and the Guardian. It's been a tough ride back up from rock bottom. But it's starting to get a bit fun. Thanks, as ever, to those who got me through those first awful days. 💛
Bitche (the e is silent) is a small town in North-Eastern France. 🇫🇷
Facebook took down the city's official page because ... well, they did not give a reason but you can guess what happened.
New personal post:
Pop-ups are dead, long live pop-ups: or, the bait-and-switch hidden in today’s cookie announcement
It's 3,000 words, pour a coffee folks.
Is anyone else getting really quite tired of this ongoing psychodrama where elected officials and public servants actually work for the Telegraph, and not the British public? Keeping in mind 1/2
@Rachel_deSouza
@Telegraph
Aren’t you a public servant? If so, why are you publishing proposals behind a private company's paywall? Why should every citizen who wants to read your proposal have to pay the Telegraph?!
Nadine Dorries' DM column today, titled I kid you not "I Googled my name, and learnt all about Big Tech!", is her proud account of her leadership on the Online Safety Bill. You want to laugh at it as a joke. But you can't, because it wasn't.
@ShippersUnbound
Today's 16-18 year olds will still be working well into their late 70s and early 80s with little to no pensions, property assets, or social safety net. Let them have their lie in.
Now that I've shared the news on stage @smashingconf, I am absolutely delighted to announce that @smashingmag has commissioned me to write the book - literally - on privacy for web professionals. All going well, it will be published late spring/early summer 2020. #smashingconf
As @davidakaye wisely tweeted recently, one guy is singlehandedly blowing up 25 years of light-touch, pro-internet legislation, and government patience, by the day. Darker times are coming for all of us, whatever platform we use or none at all.
@ericfreyss
I do think that this changes everything with regard to section 230 of the Communication and Decency Act. I would like to know what the @fcc and the @ftc think about this...
@OliverDowden
Just to be clear here, as SoS for DCMS, under the Online Safety Bill, are you going to be personally intervening like this in every case of online abuse which involves one of the boys in the locker room who you happen to like?
My life is currently at that very weird point where I have Chatham House inviting me to speak at a policy roundtable, on one hand, while I have the Jobcentre telling me to "stack shelves or scrub toilets" (actual quote), on the other. 🤷🏼♀️
@edent
This sculpture outside the Holocaust Centre in Oslo brought it home to me. It’s a punch card, and lights up with various items of personal data, making the point that seemingly innocuous data can be easily abused.
"The UK, halfway out the door of the EU, has decided to integrate its own security policies more deeply with the rest of the bloc, in a last-minute move to get access to EU data." H/t Politico London Playbook
If your child is hurt online, you get a PR and a VIP seat in the viewing gallery and your pain is taken seriously.
If your child is hurting offline, from cold or hunger or illness or MH, and you're breaking your body and your heart and you still can't help them,
sucks to be you.
Heads up that this will be the week when sweeping eviscerations of your privacy rights will be announced, but promoted only as "getting rid of cookie banners" and "casting off EU bureaucracy", which means they'll be enthusiastically applauded. As always, read the fine print.
“We all know the Trump campaign feeds on data, they are constantly mining these rallies for data,” said one Tik Tok user.
“Feeding them false data was a bonus. The data they think they have, the data they are collecting from this rally, isn’t accurate.”
WordPress 4.9.6 ships shortly and it includes a few GDPR tools, including a tool to help site owners write a GDPR-ready privacy notice. The guidance text you'll find to help you write it is my contribution, ably given the UX treatment by the project team. Happy writing.
ICYMI there's no way to overstate how huge this is. The UK has signalled a move away from the intermediary liability principle against general monitoring obligations, which built the open web for 25 years, to pave the way for the #onlineharms framework. "World-leading" indeed.
In which the UK government drops its policy of keeping aligned with Article 15 ECommerce Directive (general monitoring obligations) post-Brexit. New on my blog.
#OnlineHarms
In the past month I've
- helped to ship privacy tools in WP core;
- helped to set up Privacy as a permanent WP dev area outside legal frameworks;
- helped to ban WP plugins from claiming instant legal compliance.
Not bad for a woman living in a homeless unit with no internet. 😉
I'd also like to remind everyone that every time a government minister or ambitious MP makes a policy announcement about digital regulation in an EXCLUSIVE, PREMIUM newspaper column, behind a paywall, God kills a kitten.
Won't somebody think of the kittens
I'm watching Sky News dissecting every line of a private chat involving the Minister for Digital, who's set to be granted substantial snooping powers over our private chats, and folks, the irony is more delicious than my homemade gingerbread.
On Sky News, IDS just pointed at Adam Boulton and said "You're as much in trouble because the establishment has to recognise that if the British people promise to do something we have to do it."
The @Conservatives are threatening the media and it's only a quarter past nine.
@danbarker
That's great up to the point that everyone recalls that banners aren't GDPR at all, & that the rightful hatred of those banners under a completely separate law is being used as leverage to scrap the basic rights over the collection, uses, and sales of our personal data in GDPR.
For those of you who knew the story already, I'll give you a new one. It's about the people in the data Rene collected but couldn't save, and the velodrome where they lost their humanity.
Life in the UK, in the 13th year of Conservative rule, is basically getting up in the morning, making a coffee, and scrolling through your phone to see what new little bits of your country fell off it overnight.
Some news: I've been honoured to accept an invitation to join UNICEF's expert working group on developing a "Manifesto on Good Data Governance for Children." We'll create global benchmarks to respect children's privacy rights in a rapidly changing world.
🥳At long last, it’s here. My book, “Understanding Privacy”, is now out. You can get your copy here:
Today’s release is the ebook version (you get the pdf, epub, & Kindle formats). The print version will follow in November at the speed of logistics. 1/2
Basically, if there's ever another pandemic which requires young people to perform a year and a half of national service for the benefit of the sneering and ungrateful elderly, they're just going to let it cull the elderly.
FT's Alphaville, which is not exactly a one guy and a dog hobby project, gives up trying to run its own Mastodon server; citing, amongst many other things, the senior management liability provisions in the Online Safety Bill and also the Investigatory Powers Act for fun.
🧵 You're going to read a lot today about the government's plans for the Online Safety Bill on #onlineharms, a regulatory process which has eaten up much of the past two years of my professional work. I suppose if I had a hot take to offer after two years, it's this:
Not to state the obvious but if you know someone doing this, you report it to the police. Full stop. End of. You don't keep quiet for the team. You don't save it for power leverage. And you absolutely do not drip-feed it to the tabloids as an ~exclusive reveal~.
For money.
I am now seriously tempted to boot up the 2008 laptop in the storage cupboard, fire up this bad boy, make a thing, export it to USB, stick it on my mbp, upload it to my hosting account, and publish it, to prove a point.
(This succeeded my hand-coding from 1996-1998.)
Diplomatic version: please don't use non-standard characters in your tweets, like the bold, italic, typewriter, and letters-in-circles fonts in Unicode. Screen readers and assistive technology read them out loud, as code, one code unit at a time, not as a letter or as a word.
This article on the sense of betrayal that young people feel, at the moment when they discover how much of their private lives their parents have exposed to the world, is unforgettable.
PSA
1. The internet is not Big Tech
2. The world is not America
3. The world is not run by American tech bros
All together now:
4. The internet is not American big tech platforms run by American tech bros
I know we talk a lot lately about the UK's assault on e2e encryption, and it may seem a bit over the top, but it's important to understand what's on the table, and what policymakers are being told. Here's a thread about e2e in the #onlineharms context.
Your reminder that the new Health Secretary wants the use of end-to-end encryption to be criminalised in the #OnlineSafetyBill, and for criminal sanctions to be applied *retroactively* to those who are using it *now*. And yes, that is going to be a problem for your health data.
And so it came to pass, o ye of little faith, that Tuesday's Commons session on the Online Safety Bill will include some new proposed amendment language maintaining system and data integrity, no backdoors, and no forced decryption.
Oh FFS I switched on my @SamsungUK telly and got the privacy settings, where they have reset all their hundreds of third party snitches back into opted-in consent and LI.
After I had to spend nearly an hour last time manually opting out of each vendor, one at a time.
There's a reason why @jilliancyork calls demands for social media ID registration "the white man's gambit": the only people who want it are those who see no need for anonymity because their position, class, race, or privilege means they will never need it to protect themselves.
I suspect a lot of the people building and influencing the #OnlineSafetyBill are starting to wonder if they've actually been played as useful idiots for authoritarianism. They should.
That perfectly reasonable tweets about an MP’s voting record are now being characterised as abuse doesn’t bode well for the forthcoming Online Harms Bill.
If you read between the lines, and the PR quotes, what you won't read in this document is anything about your consent to your health data being shared, packaged, or monetised. Consent is a European concept, you see, so it must go.
Data saves lives. Today we’re publishing our Data Strategy, which sets out how we’ll bottle the spirit we’ve seen throughout these arduous eighteen months & use the power of data to build back better & save lives.
Thread ⬇️
1/3