tech | Steve Woods

Content liability: Big Tech squares up to Uncle Sam

27/01/2023 Steve WoodsPolitics, Privacy, Social Media, Tech

Following the announcement anti-trust action by the United States Department of Justice along with the Attorneys General of California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee, and Virginia against Google, Meta (owners of Facebook and Instagram), Microsoft and Twitter have all made statements seeking to defend their actions.

In their legal opinions, the big US tech giants, including Microsoft, Meta and Twitter, are warning the Supreme Court against amending Section 230 of the Communications Decency Act (CDA). This would enable actions against content recommendation algorithms, French IT news site Le Monde Informatique reports.

One week after Google’s filing of a defence statement with the US Supreme Court warning that amending Section 230 of the Communications Decency Act (CDA) “would upend the internet“, several companies including Twitter, Meta and Microsoft, have filed their own legal opinions. They support Google’s argument that a restriction of the law could have disastrous consequences for the content editors. By virtue of the 1996 CDA, the companies are shielded from liability for content posted by their users, including comments, criticism and advertising.

US Supreme Court.
Image courtesy of Wikimedia Commons and UpstateNYer

However, the Supreme Court has been asked to examine whether Section 230 was still pertinent and appropriate, given that it was promulgated before the internet became part of everyday life. The law was subject to a minute before the suit filed by the family of Nohemi Gonzalez, a 23 year-pld US citizen killed in Paris during the 13th November 2015 terrorist attacks claimed by ISIS. The Gonzalez family asserts that the algorithms should be regarded as editorial content not covered by the immunity from liability granted by Section 230 and thus Google’s YouTube subsidiary has violated the US Anti-Terrorism Act (ATA) when its algorithms have recommended ISIS-linked content to users. The Supreme Court is set to hear oral arguments in the case on 21st February next.

Criticisms of the protections of Section 230 for websites

Both Democratic and Republican members of Congress have criticised the protections provided for by the law. The Republicans believe that those in respect of liability make websites take partial decisions regarding content removal, whilst the Democrats would like the same sites to take more responsibility as regards moderation. In a statement President Biden has stated that his administration would support the position that Section 230 protections should not apply to recommendation algorithms. In its petition of 19th January, Microsoft asserts that if the Supreme Court makes amendments to Section 230, it would “strip these digital publishing decisions suit—and it would do so in illogical ways that are inconsistent with how algorithms actually work.“.

The company added that any decision aimed at restricting the law “thereby expose interactive computer services to liability for publishing content to users whenever a plaintiff could craft a theory that sharing the content is somehow harmful“. In its own petition Meta stated that the plaintiffs’ argument is “deeply flawed from a legal point of view”; by interpreting Section 230 as a means of protecting sites from liability for content posted by its users whilst removing protection from content “ignores the way in which the internet works“. The company continued by describing the plaintiffs’ position as “regrettable from a practical point of view” and by stating that a ruling in their favour would ultimately prompt “online services to remove important, provocative and controversial content on matters of general interest“.

Protection from liability essential for website operation according to Twitter

Twitter has said that the current interpretation of Section 230 “ensures that sites such as Twitter and YouTube can work in spite of the unfathomable amount of information they make available and the potential liability that might result from this“. Since Twitter’s acquisition by Elon Musk, the site has been criticised for having reinstated the accounts of people it previously banned, such as disgraced former president Donald Trump or alpha male par excellence and all-round amateur human being Andrew Tate who is currently under investigation in Romania for alleged human trafficking.

However, the review of several other high-profile cases will have to take place before the law is changed. Last week the Supreme Court was set to discuss its jurisdiction in two cases that challenge Texas and Florida laws prohibiting online platforms from removing certain political content. In addition, a Twitter vs. Taamneh case, which has many similarities with the Gonzalez vs. Google case, is due to oral pleadings on 2nd February. In this case Twitter, Facebook and YouTube are accused of having aided and abetted another attack claimed by Islamic State.
Another data protection fine for Meta

20/01/2023 Steve WoodsGDPR, Privacy, Social Media, Tech

After a record fine of €390 mn. at the start of January, the Irish Data Protection Commission is imposing a further fine of €5.5 mn. on Meta, this time for WhatsApp’s policy with regard to personal data under the GDPR, Le Monde Informatique reports.

Has been welcoming (in tax terms) to American IT companies, but is proving to be as very sensitive area for implementation of the GDPR. Meta has just experienced this once again with a fine of €5,5 mn. imposed by Ireland’s Data Protection Commissioner. This is the social network’s second fine in less than a month; on 4 January the same commission announced a record fine of €390 mn. on the personal data processing policy of Facebook and Instagram (posts passim).

In this instance it’s WhatsApp’s policy that is being censured following a complaint filed on 25 May 2018 – the date the GDPR entered into effect – by a German user. After this date the messaging service updated its general conditions of use and informed its users they had to click on “accept and continue” to indicate their consent. If they did not reply, they no longer had access to the service.As in the decision of 4th January, WhatsApp regards its data processing policy must be considered like a “contract” according to the GDPR (Article 6.1) concluded between the company and the user.

EDPB lays it on thick

The Irish Data Protection Commission investigated and drew up a draft decision which was submitted to the European regulators parties involved in this case. It proposed not imposing additional financial penalties. WhatsApp had already been fined €225 mn. in September 2021 for similar actions. However, the DPC pleaded for recognition of the contractual and thus legal nature of WhatsApp’s personal data policy – a position which caused an outcry from other data protection regulators.

The DPC approached the EDPB for a decision. It dismissed the legal basis of the contract and added an additional infringement of the transparency obligation. As a consequence, the Irish DPC is adding €5.5 mn. to the fine imposed on Meta, WhatsApp’s parent company.
GDPR"> Meta falls foul of GDPR

06/01/2023 Steve WoodsGDPR, Privacy, Social Media, Tech

Le Monde Informatique reports that Meta, the conglomerate that owns both Facebook and Instagram, has been fined a total of €390 for breaches of the EU’s General Data Protection Regulation (GDPR) in respect of both platforms’ personal data processing policy.

It has been a bad start to the year for Meta which has just been notified of a fine of €390 mn. by the Irish Data Protection Commission (DPC). The regulator is penalising the actions of Meta’s 2 subsidiaries, Facebook to the tune of €210 mn. and Instagram €180 mn. This decision concludes a case which started on 25 May 2018 (the date the GDPR entered into effect after 2 complaints had been filed – one by well-known Austrian privacy campaigner Max Schrems and the other by a Belgian citizen.

In this case Meta Ireland changed its general terms and conditions before the date of entry into effect of the GDPR, in particular “the legal basis on which it relied to legitimise its processing of users’ personal data (including behavioural advertising)”. To adopt this new policy, existing and recent Facebook and Instagram users were asked to click on the “I Accept” button on pain of no longer being able to access the platforms’ services. The questions then arose as to whether users had been forced to give their consent and if the “contract” concluded between Meta and its users conformed to Article 6 of the GDPR.

A fine increased by the EDPB

The debate was long and heated, including at European regulator level. As a matter of fact, the Irish DPC’s analysis did not meet with agreement from other European data protection authorities. For example, it considered the aspect of “forced consent” could not be upheld. Many authorities likewise thought the original Irish financial penalties too lenient. The European Data Protection Board (EDPB) was contacted to settle the matter and gave its decision on 5th December. It judged that “Meta Ireland was not entitled to invoke the legal basis of the “contract” as a legal based for its personal data processing for behavioural advertising purposes”.

It also demanded the fines proposed by the Irish regulator be raised. This is the second fine imposed on Meta in recent months by the CPD. Last November the American company was fined €275 mn. for so-called data scraping. In both cases, Meta still has the possibility of challenging the regulator’s decisions before the European judicial authorities.

Facebook and Instagram have now been given three months to bring their terms and conditions into line with the GDPR.
Fools and social media

21/12/2022 Steve WoodsMedia, Politics, Social Media, Tech

Your ‘umble scribe has not bothered with social media since the obscenely wealthy and undertaxed man baby masquerading under the name Elon Musk took the helm of Twitter and promptly set about trashing it with his control freak approach to company management, sacking lots of the tech staff that keep the platform running and demanding those that survive show their dedication to the company by working excessive hours.

This was a big wrench for your correspondent, as time not spent working was generally filled with social media discussion and debate, and so entailed a wholesale change in his daily activities (Note to self: must get round to getting on Mastodon some time soon. Ed.).

Following his acquisition of the platform, Musk installed himself as Twitter’s CEO and now seems to have reached the conclusion his rather doubtful skills are up to the job.

In recent days Musk held a Twitter poll to ask Twitter users whether he should remain as the platform’s boss. The results were not flattering if Musk has – as I suspect – a narcissistic streak.

On your bike, laddie!

Musk has now confirmed he will indeed step down as CEO as soon as he can find someone ‘foolish enough‘ to replace him.

One candidate springs to my mind immediately: an egomaniac with current experience of running a social media platform (albeit one misnamed Truth Social. Ed.). Step forward one Donald John Trump, disgraced 45th president of the United States, who spends a large share of his time playing golf (as he did whilst supposed to be occupying the Oval Office. Ed.).

I do hope these two prime examples of the Dunning-Kruger effect play nicely with one another. 😀

PS: The Register is also joining in the fun with its own poll.
Digital soup

13/12/2022 Steve WoodsBristol, Language, Oddities, Tech

On a trip to town in recent days, your ‘umble scribe was intrigued by the digital soup spotted in a shop display window,

My initial thought was “What is digital soup?“

Is it made of fingers? Or are ones and zeroes involved? Is the digital a defiant gesture to all soup makers marketed before?

As it turns out, ones and zeroes are indeed involved and the digital part of the apparatus refers to the device’s digital control panel, as depicted below.
German Federal Ministry promotes open source

14/11/2022 Steve WoodsOpen Source, Politics, Tech

The German Federal Ministry for Economic Affairs and Climate Action’s Sovereign Tech Fund (STF) is promoting seven open source projects in a pilot round. The Fund shall therefore be increasing safety and data security on the internet, as well as digital sovereignty, according to German IT news site heise.

A vulnerability in the Log4j open source Java library at the end of last year resulted in millions of potentially endangered systems. A discussion ensued about open source projects, which often represent crucial elements of the digital infrastructure.

In the pilot round the Fund is supporting the OpenMLS library, which is used for end-to-end encryption, curl, the popular command line data transfer tool and an open implementation of the BGP internet routing protocol, which communicates between network segments and autonomous systems. The Ruby package manager RubyGems and Bundler, which facilitates the integration of Ruby packages in applications will also be supported, as will the WireGuard VPN software. In addition to this, the Fund is supporting GopenPGP, a modern OpenPGP implementation in Go, and OpenPGP.js, which can be executed in the browser. Furthermore, a projects is being promoted with OpenSSH, which is the standard for secure remote connections and is one of an administrator’s most important tools.

Software must adapt

The STF characterises the projects as software belonging to digital base technologies and used extensively in business, the public sector and civil society. In a feasibility study (DE, PDF) the STF justifies the need to promote open basic technologies by the fact that although the importance and use of open source software is high, the projects nevertheless do not ‘adapt‘ accordingly and maintenance is often dependent upon committed individuals, thus increasing the risk of safety-critical vulnerabilities.

In their coalition agreement, the SPD, the Greens and the FDP emphasise the importance of open source software for strengthening digital sovereignty.However, no funds were originally earmarked for the Sovereign Tech Fund in the federal government’s draft budget for 2022. In the end, coalition partners increased the funds provided so that the fund can now get started.

The STF is promoting the above-mentioned projects until the end of the year with a total of €1 mn. Fiona Krakenbürger, the STF’s joint chief executive said: “This pilot round makes a small contribution to the sustainability of these important projects, which we hope to be able to expand in the years to come.” Projects worth funding will in future be determined in future by a committee of experts and an open application process. The STF intends to publish details of the application process in 2023.
French open source market still dynamic

10/11/2022 Steve WoodsOpen Source, Tech

The CNLL (France’s Free Software and Open Digital Enterprise Union), Numeum and Systematic Paris-Region commissioned MARKESS to carry out a study of the open source market in France and Europe (PDF), analysing the sector by identifying the main underlying trends since 2019 and anticipating future developments up to 2027.

At the heart of the most dynamic digital sectors, free and open source software is continuing its progress which started more than 20 years ago and currently accounts for a market of nearly €6bn. in France.

“Year after year, open source continues to grow, with a very encouraging outlook of almost 8% per year between 2022 and 2027. This strong growth shows the growing influence of open source on the digital economy in France and in Europe”, states Marc Palazon, chairman of Numeum.

This progress is long-term. After having grown fortyfold in less than 20 years, the turnover of the open source sector in France must is still expected to grow faster than that of the overall software and digital services market over the next 5 years. France is also confirming its European leadership, along with Germany and the UK.

For Philippe Montargès, chairman of Systematic Paris-Region’s Open Source Hub: “Open source is emerging as the quiet force of the digital sector. The growth of open source remains strong and has been for more than 20 years! France is reinforcing its European leadership with earnings of almost €6 bn. in 2022 and more than 60,000 direct jobs. These are two pieces of good news, especially since this lasting and positive dynamic is reflected in a strong increase in the penetration of free software into many innovative technologies and solutions (cybersecurity, cloud infrastructures, AI/Data, IoT, telecoms, SaaS, etc.) and extends widely throughout Europe.”

The study therefore confirms the overall dynamism of free software in Europe. Open source is becoming more and more European by being structured around companies, communities and user organisations that make it the core of their development strategies. The main reasons for adopting open source are still costs savings and the strategic leverage effect, but also increasingly the ease of collaboration and skills development. The support of the European Commission, which has been announced since the publication of the last study in 2019, has gone hand in hand with the implementation of national policies in many member states and contributes to the dynamism of the open source sector.

Furthermore, this growth is giving rise to a massive recruitment within the sector and the entire ecosystem which will have to train and recruit more than 26,000 new full-time equivalents (FTEs) between now and 2027, who will join and swell the ranks of the 64,000 employees currently developing and integrating open source solutions. The skills needed in free software are numerous and varied – developers, DevOps or marketing professionals, architects and consultants – as can be seen by browsing recruitment websites..

Beyond training, a real industrial policy must be defined and implemented in France and Europe to take full advantage of the contribution of free software to innovation, technological independence and a more ethical and responsible digital sector.

“Companies in the sector have long been calling for an industrial policy to make it an asset in a strategy to regain European digital sovereignty. Among the measures we expect: a proactive public sector purchasing policy; dedicated funding that takes economic models specific to free software into account; pro-competitive measures that limit the ability of dominants stakeholders to close down the market to the detriment of SMEs; more stringent open standards requirements and a dedicated training policy”, concludes CNLL Joint Chairman Stéfane Fermigier.
A good 404

09/11/2022 Steve WoodsOddities, Open Source, Tech

Those whose fingers get into a tangle will be familiar with the HTML 404 error code page, just one of a number of HHTP status codes, of which the 400 series deals with client errors.

A moment’s digital dyslexia this morning meant your ‘umble scribe was treated to Shropshire Council‘s 404 error page, as shown below.

Umbraco is the open source content management system (CMS) used by the council to manage its website.

Your correspondent particularly likes the final line: “This page is intentionally left ugly ;-)”.

Computer scientist Brett Victor has an artistic 404 page, which pays homage to surrealist artist René Magritte.

However, my favourite 404 page of all time assumes the persona of Marvin the Paranoid Android from Douglas Adams’ Hithchiker’s Guide to the Galaxy. Although the original 404 page linked to from this post has now disappeared, Reddit has a full transcript of the text that used to appear on that page.
Second YH4F launches

07/11/2022 Steve WoodsOpen Source, Tech

Registration for for the second edition of “Youth Hacking 4 Freedom “, the Free Software Foundation Europe’s hacking competition for teenagers from all over Europe, has opened. The contest offers young people aged between 14 and 18 the opportunity to challenge themselves, meet like-minded people and win cash prizes of €4,096, €2048 and €1024.

Registration is open until 31 December, after which the six-month coding phase will start, ending at the end of June 2023.

YH4F aims to inspire young people by giving them the chance to hack on a software project in a fair and fun way while meeting other young developers from all around Europe. The winners will receive a cash prize and a two-day trip to Brussels with other hackers for the award ceremony.

The first edition of the competition was a huge success with broad participation and well-coded winning projects. Over a hundred people coming from 25 different countries registered and submitted 35 project at the end of a five-month coding phase. The six winning entries offered sign language transcription, a smart table robot, a personal assistant, a music tutorial, a file sharing program and a homework manager. All the programs are licensed under free software licences, thus granting everybody the right to use, understand, share and improve them.

Ekaterina, one of the winners of the first edition of the YH4F competition, states: “Taking part in this competition was personally a big step as before it I have never ever programmed something and I did not have knowledge to do so. During the project I learned a lot more about programming concepts, how can I implement the modules and generally the programming language Python“.

To be eligible to enter participants must be between 14 and 18 years old and live in a European country. The YH4F competition includes an introductory online event in which the FSFE team will present the competition and answer questions about it. Participants are free to use their imagination to the competition as any type of software can be coded as long as it is free software. The projects submitted can therefore be stand-alone programs written from scratch or a modification and combination of existing programs, in addition to which participants will be able to follow each other’s work and exchange ideas.

Projects will be submitted to the expert jury at the end of June 2023.
Germany – photographing illegal parking is lawful

04/11/2022 Steve WoodsLanguage, Media, Privacy, Security, Tech

German newspaper <a href="https://www.welt.de/regionales/bayern/article241937155/Urteil-Buerger-duerfen-Falschparker-fuer-Anzeige-fotografieren.html".Die Welt states that it’s so obvious: people wanting to report an illegal parker just pull out their smartphone and then send the picture to the police. However, two men in Bavariahad trouble with the state’s data protection authorities. A court has now decided who acted corrected.

A Ferrari parked on the footway being booked in Munich.
Image courtesy of Wikimedia Commons

Anyone who sends photos of illegal parkers as part of a report to the police does not normally violate data protection legislation. This emerged on Thursday from two landmark rulings published by the Ansbach Administrative Court. With these the court agreed with two men who corroborated their reports of parking infringements on footways and cycleways with photos. For using this they received a warning and a fine of €100 each from the Bavarian State Data Protection Office (LDA). Both objected and went to court with the support of Deutsche Umwelthilfe e.V. (DUH)

The administrative court combined the two procedures in a joint hearing because of the identical questions and ultimately ruled that the procedure involved lawful data processing. However, the actual statement of is not available. The verdicts are of fundamental significance from the legal point of view, but are still not absolute.

The DUH, which supported one of the two plaintiffs in a test case, welcomed the verdict. “Illegal parking is no trivial offence, but endangers people who are travelling by bike, wheeled walking frame, wheelchair or pram”, commented Jürgen Resch, its Federal director. “The authorities should not take action against civil society commitment, but rather take consistent measures against blocked footpaths and cycle paths, illegal parking in front of dropped kerbs or at junctions; and do so not just in Bavaria, but nationwide.»

The crux of the proceedings was the question of whether digital transmission of the photos constituted lawful data processing within the meaning of the General Data Protection Regulation since there must be a legitimate interest in forwarding the image files. On the other hand, data transmission and processing must be necessary.

Accordingly, the parties to the proceedings before the court argued about whether the plaintiffs had to be personally affected by the parking violations and whether a written or telephone description of the facts including the vehicle registration number, was not sufficient. In addition, the LDA pointed out that other data such as other cars with registration plates and people can often be seen in the pictures. In reply, the plaintiffs stressed that the police had asked them to document the parking situation as accurately as possible with photos as evidence.

The LDA stated that once the judgment’s statement of grounds was available, it would examine whether the decision was an individual case or whether a reassessment of the use of photos in public places that was critical for data protection had been initiated. In addition, it wants to agree clear and uniform guidelines with the police regarding which information is required when reporting illegal parking and which communication channel should be used.