Or “Is it true you’ve stopped killing kittens?”
Mandated user identification is coming to Europe – and your app will need to comply, while in Texas, the government is mandating online anarchy instead.
The EU proposed a regulation this week that would mandate that the apps and services developers build also enable monitoring users in secret. The regulation would force virtually all apps and platforms to harvest private online communications and content, block access to a government-controlled list of foreign websites, and mandate government sanctioned age verification (really identity verification) as a condition for accessing the internet. Does that sound like something you’d support? How about if the fines for not complying would crush your business? How about if they labeled you a defender of pedophiles for refusing? The regulation’s basis is to identify and remove CSAM (Child Sexual Abuse Material), which is pretty hard to argue against (which is the point).
Then, as if on cue, Texas courts lifted their hold on a state law that prohibits social media platforms from “viewpoint censorship.” The result is, of course, the exact opposite; government mandated speech imposed on the platform against their will. The argument boils down to whether platforms have first amendment protections like everyone else. The predictable outcome will be a race to the bottom for hate, radicalism and deviance online. Texas pedophiles rejoice!
Throughout my career I have spoken out against using edge cases to justify otherwise unconscionable laws. Societal rules should balance collective benefits against collective burdens, and avoid trading one ill for another. This is what makes the EU’s proposal for rules to prevent and combat child sexual abuse so toxic; they ask us to balance our privacy and security against the value of a child’s safety using child sexual abuse material as the proxy. The law implies we can give up a little privacy – with safeguards – to save a child, but in reality it mandates government surveillance for the potential of maybe making it easier to catch pedophiles that break the law. CSAM is abhorrent. Kids should be safe online and off. This law is a poor tool to impact either of these things.
The Texas law operates on a similarly flawed logic. It pretends that there is a right to be heard online that cannot be infringed by anyone. It tangles the constitutional right to be free from government censorship (free speech) with individual rights to privacy (no obligation to allow terrorists to make speeches on your property).
The Texas law is simple – it outlaws user and content blocking on social platforms. The boogeyman here is “private censorship.” The fact that moderated platforms have become broadly successful, while lightly censored alternatives have failed to reach scale, should tell us something about what the market wants. There is nothing in today’s laws that would prevent an uncensored service from launching. I’m a big fan of capitalism and so this seems to me like a government imposing its will over that of the people.
The EU law, in contrast, proposes many things and covers many pages (you can access it here), but boils down to only a few meaningful obligations for devs and platforms: mandated age verification; mandated (and secret) user content and communications monitoring and removal under government oversight; and mandated blocking of government-identified websites. It also categorizes the online audience as either children (under 18) or adults (18 and older), and if anyone under 18 uses your service or app (you need to certify everyone’s age) you’re in scope. So you’re in scope. The government will supply the monitoring and surveillance tools, and your obligation is to use them. Reports, audits, and investigations follow. The bulk of the document talks to all the safeguards, but in the end suspicion is enough to justify intercept.
The Texas law remains subject to challenge for its unconstitutional scope. For devs, there’s no real take-away here since it only targets big social media. Your choice is simply to embrace the anarchy or bail on your personal social media diet. In the EU however, developers have only a few options should their CSAM regulatory proposal become law. As always, you can abandon Europe and block Europeans from your app or website. You can implement the age verification / user identification process and anchor it with government databases or third parties like banks, then tweak your moderation tools to spot and capture online “grooming” (figure out what that is) or CSAM material. Or, for now at least, you can layer end-to-end encryption on everything you provide and do the best you can to keep your users safe; watch for adult to child interactions, look for linkages to known CSAM sites or sexual predators, and learn all you can about best practices to keep kids safe online and off. It’s worth noting that the debate over backdoors and encryption was fierce, and that things are far from settled in this area.
Oh, and finally one expert tip for the European Commission: if someone really wants to reach a foreign website, nothing short of an isolated Europe-only internet will stop them. And I don’t advocate for that for many, many reasons.
