
 

Select Committee on Communications 

Corrected oral evidence:

The internet: to regulate or not to regulate?

Tuesday 24 April 2018

3.30 pm

 


Members present: Lord Gilbert of Panteg (Chairman); Lord Allen of Kensington; Baroness Benjamin; Baroness Bonham-Carter of Yarnbury; The Lord Bishop of Chelmsford; Viscount Colville of Culross; Lord Goodlad; Lord Gordon of Strathblane; Baroness Kidron; Baroness McIntosh of Hudnall.

Evidence Session No. 1              Heard in Public              Questions 1 - 11

 

Witnesses

I: Dr Victoria Nash, Deputy Director, Policy and Research Fellow, Oxford Internet Institute; Professor Lorna Woods, Professor of Internet Law, University of Essex; Professor Christopher Marsden, Professor of Internet Law, University of Sussex.

 

USE OF THE TRANSCRIPT

This is a corrected transcript of evidence taken in public and webcast on www.parliamentlive.tv.

Examination of witnesses

Dr Victoria Nash, Professor Lorna Woods and Professor Christopher Marsden.

Q1 The Chairman: I welcome our witnesses to this first session of our new inquiry into the regulation of the internet. I will ask our witnesses to introduce themselves in a moment.

The inquiry is wide-ranging. We will examine how the internet is currently regulated in the UK and in other countries, with a focus on transparency and the accountability of platforms and their responsibility for the content they host. We will be looking at the role of users in establishing community standards for content and behaviour and at the effect of Brexit on internet regulation. So it is a broad inquiry, as I say.

We have held a number of previous inquiries in this subject area, and we have seen how the internet transforms the way we communicate with each other and how we consume services, but we have also seen that it can be a platform for inappropriate and sometimes illegal behaviour.

We start by asking a general question about whether the internet needs to be better regulated, bearing in mind the important balance between regulation and freedom of expression. We will ask our witnesses to address those issues.

I thank our witnesses for being with us today. Our opening witnesses are leading and eminent legal experts. They are Dr Victoria Nash, Professor Lorna Woods and Professor Christopher Marsden. I advise them that the meeting is being broadcast online and that a transcript will be taken.

I will now ask our witnesses to introduce themselves briefly and, in their opening comments, to answer a fundamental question: do we need a regulatory regime for the internet? Is it desirable? Is it possible? If it is, what form should it take? Do you favour self-regulation, something more directive, such as co-regulation, or imposed direct regulation by statutory body? Shall we start with Dr Nash?

Dr Victoria Nash: I am deputy director of the Oxford Internet Institute, which is a multidisciplinary department of the University of Oxford. We were set up in 2001 specifically to look at the societal implications of digital technologies. That is broader than the internet, obviously; it is the internet of things and AI. My role there since the very beginning has been twofold. One is to conduct research. I am a political scientist and I have worked largely on issues of child protection, child safety and freedom of expression. The second hat I wear is to keep an eye on internet policy and regulation of debates, and to contribute to the department’s work, where I can, to ensure that we are well connected.

The question you asked me to kick off with obviously exercises us on a daily basis. I should probably make it clear that, by way of conflict of interest, we have received funding from some of the social media companies that you might be thinking of today. We have received far more money from the Government, through the research council, so we have conflicts of interest on both sides.

As for whether we need a new regulatory framework for the internet and whether that is desirable or possible, my personal view—I would not say I am speaking for all my colleagues here—is that we do not need a new regulatory framework at this point. What we need is to use the frameworks that we have more effectively. For me as a researcher, a key thing I have done over the years is to look at the empirical evidence on harms that arise particularly through minors’ use of things like social media and internet platforms. One difficulty is that often that evidence is quite inconclusive. If I were to apply a test as to whether or not new regulation is needed, I would want to be very clear that there is a new evidence base that identifies clear instances of harm and, importantly, where we can identify measures to address that. I am not convinced that we have that.

On the other hand, we clearly already have very strong legal principles in place around certain sorts of content and behaviour that are illegal and not fully enforced, and where we see perhaps a lack of full responsibility on the part of some of the bigger players in this area, even the ones that say they are very willing to co-operate—and it is important to recognise that the big companies seem to be willing to co-operate. I would like to find a way of making more of that willingness to co-operate to ensure that higher standards of responsibility are met.

In particular, I would like to see more of what you might call “procedural accountability”. We have already seen examples of procedures by companies such as Facebook and Google that try to shed some light on how they deal with issues such as illegal content or requests from Governments to take down content. I am thinking of things like transparency reporting, and possibly advisory boards. The problem is that we have no means of independently auditing those activities. That is the gap.

I suggest a move away from a lack of fully enforced existing regulation and a degree of self-regulation and I wonder whether there could be more room for co-regulatory options whereby you might ask for greater transparency, more frequent transparency reports and, importantly, independent audits of the data behind those, as we have seen with the digital charter. Those might look not just at how promptly content is taken down, for example, but whether it is accurately removed. The balance between ensuring freedom of expression while also ensuring that we comply with the law is really important.

That is broadly my approach to this subject.

Professor Lorna Woods: As a brief background, I started my career in the City of London as a solicitor at the time of the duopoly review and the 1990 Broadcasting Act. Coming from a media and telecoms background, I find the internet caught in the middle. I am now a professor of internet law at the University of Essex and a member of the human rights centre there.

I am currently engaged in a project with Will Perrin, who is in the audience, I believe, and the Carnegie Trust, on reducing harms in social media. We are looking at a regulatory framework as to how that might be achieved and trying to avoid some of the questions about making platforms liable for the content of others. I will be happy to talk about that if you want, but I will just put that on the table.

As for what we have at the moment, I suppose it depends what we mean by “the internet”. There is lots of regulation at lots of different levels; I suspect Chris can probably say more about the infrastructure regulation. We have net neutrality, for example, which is one form of internet regulation. There is, as Vicky has mentioned, a whole tranche of criminal law out there of varying degrees of effectiveness. Section 127 of the Communications Act, for example, has been used in relation to Twitter harassment. There is a whole range of criminal offences.

I suppose my take is different from Vicky’s in that I am concerned that in the absence of effective mechanisms for people to complain, and perhaps for the quiet people to have some space, there is an overreliance on criminal mechanisms, so we end up with a situation such as the Twitter joke trial, where we think, “If there is a real issue, is it dealt with best by the criminal justice system, or is it better instead to look at something regulatory but less intrusive?” I use the word “regulatory” here to encompass everything from self-regulation to direct, top-down regulation.

I am sceptical about self-regulation. The examples of good self-regulation that are usually given—the ASA and the BBFC—are, in a way, co-regulation; they both have a statutory framework and they neighbour industry regulation. The BBFC was about the cinema operators controlling the content providers. The ASA has a similar relationship through the professional distribution chains, so I am sceptical, especially in an age where we seem to have one story after another about problems.

Particularly with social media, there may be a case for a regulatory framework that at least sets the boundaries of the information that has to be given and tackling risks. Other forms of internet, such as online selling, might have a different regime, so you may not need to take the same approach right the way across content services. Of course, some content services are already regulated. We have the proposed audiovisual media services directive, if you want to talk about Brexit, that proposes that video sharing platforms should be subject to some sort of controls with regard to hate speech.

Professor Christopher Marsden: I am a professor of internet law at the University of Sussex. I am a media board member of the Society for Computers and Law, the professional society for lawyers interested in this space, and on the stakeholder advisory committee of Nominet. Neither of those are paid roles, and I am certainly not speaking on their behalf or that of the University of Sussex. I have also advised many Governments over the years on these things. I mentioned to Dr Nash before we came into the room that my last time before a Committee of either the Lords or the other place was the joint scrutiny committee of the Communications Bill 2003. At that point we were asking when we would move away from self-regulation towards some form of co-regulation, and here we find ourselves again, 16 years after Lord Puttnam chaired that Committee. I will eventually come on to co-regulation, which in a way is my specialism.

The framework for internet law is quite old. It is based on a US law, the Communications Decency Act of 1996, so it is 22 years old, and we have dealt with the way in which it has been adapted since then. In the UK, of course, we have the E-Commerce Regulations 2002, which are based on the Electronic Commerce Directive of 2000 which itself was drafted in the last century. So the framework for internet law at least is actually from the last millennium, which may lead us to think that it is perhaps due for an update.

Of course, we deal with several pieces of law that are much older than that. I taught a class this morning in which we discussed Magna Carta. Some of the issues that arise out of the Panama Papers leak concern the breach of privacy and attorney-client privilege. Those date long before the internet. Many of the issues we deal with have a longer history.

This point has been made already, but I want to extend it; internet regulation broadly does not just involve the law. We are all regulated by the internet. Many of us are amused by the fact that nudge regulation has very much become the issue that government talks about as a way of influencing consumers, but anyone who has been using the internet since the 1990s is aware that the internet is constantly nudging us in the direction in which various parties want us to behave. It is the largest single experiment in nudge regulation that exists. Ever since the browser was invented and the first cookie was placed on a computer we have been nudged in different directions. I know that the inquiry in the other place has been talking about some pretty substantial nudging in the political sphere.

Of course, self-regulation continues. Even in the absence of any new laws we would expect the development of the internet not to be static. As I have described it to the European Commission in the past, impact assessments of internet law that ask, “What happens if we do nothing?”, do not involve stasis. The zero option is the internet continuing to develop. Our relationship with the internet, as society and as individuals, continues to develop, so the do-nothing option is not one in which nothing happens. A great deal happens, but without legislative impulse.

Let me say something about co-regulation. Co-regulation is now even used by the United States Congress to describe certain aspects of internet regulation, so it is quite a broadly used term that is used not just in Brussels and Paris but here and in North America to a great extent. It actually came from Australia.

One of the interesting things about co-regulation and the extended period of time in which we have been talking about it is that we have often talked about de jure co-regulation, where we have a piece of legislation in place that tells the industry, “regulate or else”. A very good example is the Digital Economy Act 2010, which included two specific elements of co-regulation. One told Nominet that it will have to behave as a disinterested party; I can talk about the details later. The other was to do with the Authority for Television on Demand, which was later subsumed within Ofcom but was very much a co-regulatory initiative.

There is also de facto co-regulation, where the regulators have used their powers of extreme persuasion. It is an area where the industry players are very aware that the regulator has power. I am not suggesting that the regulator would improperly pull those discussions into other areas, but naturally if a telecoms company is talking to Ofcom, which regulates it formally in one area, and Ofcom wishes it to take action in another area, such as one area in which I am a specialist—the voluntary code of conduct that was introduced on net neutrality and broadband speeds—the degree of voluntariness in that, from the point of view of the telcos, was pretty limited over the years in which it was being introduced. We should be aware that there can be lots of de facto co-regulation taking place as well as the formal de jure co-regulation that is included in pieces of legislation like the Digital Economy Act.

When we ask whether we are moving towards the co-regulation that we have been talking about over a 15-year period, I should say that Dr Nash and I wrote about content on mobile phones and co-regulation 15 years ago, so we have been talking about this for a very long period. It is emerging even in areas where we may not see a legislative impulse. There is lots of interesting room to see that happening.

Finally, over 10 years ago now, I constructed a Beaufort scale of co-regulation for the European Commission. You will be familiar with the Beaufort scale of wind speed. The wind in this case was the degree to which the Government were breathing on the forms of self-regulation that were taking place. Zero was a calm, which would be an entirely technical standards body whose standards were formed entirely within the technical community, such as the Internet Engineering Task Force, up to a 12, which could be the forms of co-regulation that were formalised in the Digital Economy Act.

Between zero and 12 there is a lot of room for us to see different elements of influence that have been exerted. Given some of the recent discussions in Select Committees, Congress and elsewhere, we are probably seeing that wind blowing a lot more strongly from Government and from Parliaments towards trying to achieve something much closer to co-regulation than to self-regulation.

Q2 Lord Gordon of Strathblane: I should first declare an interest. Many years ago I was on the board of Johnston Press and I still have a small residual shareholding. Those of you who are familiar with the fate of the local press will realise that I do not need to emphasise the word “small”.

My question is on online platforms and what legal liability they should have for the content they host. Are they straightforward publishers, are they mere conduits, or are they somewhere in-between? If the answer is somewhere in-between, should they be allowed to self-define where they are on the spectrum, or are there objective criteria that we can apply to say, “You are able to control that, so you should be responsible for Y”?

Dr Victoria Nash: I am not a lawyer, so I do not look at this question from a legal perspective but more from a normative perspective. Technically, I still see these platforms as mere conduits, but you can see that on child abuse imagery, for example, companies have stepped up to the mark and proved themselves willing to take on greater responsibility. You may have heard of a technique called photo DNA which you can use to test imagery on your sites to see if it has been previously identified as child abuse imagery. That is an example of active searching for illegal material.

I do, however, really fear the extension of this principle to social media and internet platforms as a whole for a couple of reasons. One is that, quite simply, one of the greatest benefits, as well as the greatest trials, of social media and the internet is the ability to provide user-generated content. We have never had an opportunity to have so many people having a say—to find, produce and share content and things they are interested in—and I would be very wary of setting up a new system that threatened that in any way.

To that extent, I would be reluctant to extend the principle of liability. I am prepared to accept it on issues such as child abuse, simply because that is an area where the proven harms are so great that it may be worth a bit of censorship, and the risk that some content may erroneously get prevented from being uploaded. But I would be very worried if we were to extend that to other areas.

I guess we are already talking about copyright, but if you were liable for any form of extremist speech, if you had to filter that out at source rather than having it reported to you, I would be worried that you would catch legitimate political speech, for example. I do not have enough faith in our technical measures, our means of detecting content and what is in content, and I certainly do not think you can employ enough human moderators to read everything that we host online. For that reason, I see very little value in making these companies liable for every bit of content that we, as users, post.

Lord Gordon of Strathblane: I will just ask you to respond to something that has been in the news recently. People are saying that knife crime has been prompted to some extent by what people are saying on social media. Would that not warrant some kind of intervention by somebody?

Dr Victoria Nash: I have also heard interviews on Radio 4 saying that it is down to rap music. The first thing I would want to know is that there is clear evidence that these harms are being exacerbated. Secondly, I would want to know that whatever response you take is proportional. I would worry that the response of checking every piece of content for a reference to knife crime before it goes online would have a damaging, censoring effect.

Professor Lorna Woods: On the e-commerce directive and platforms, I think there is an issue with terminology. We now talk a lot about platforms, but there is not, to my knowledge, a legal definition.

Lord Gordon of Strathblane: Quite.

Professor Lorna Woods: The e-commerce directive actually refers to “information society services”, so to fall within the immunity from liability you have to be an information society service to start with. Not all things that I would consider to be a platform are information society services. Uber is the obvious example: it is a platform, not an information society service, according to the Court of Justice. There is a question there about fit.

On the issue of immunity from liability, I would like to move away from the question, “Is it purely about transmission or is it about content?”, to a different analogy whereby we say that they are providing us a space, like a pub, a park or a shopping centre. In thinking about the responsibilities of a social media company in particular, perhaps the analogy of the space and what we expect people who provide spaces to do would be more helpful.

Lord Gordon of Strathblane: We expect a space to be safe: health and safety would apply.

Professor Lorna Woods: Yes, and part of what Will Perrin and I are thinking about is that maybe we should look more at the systemic level and say that the companies that provide online services should look at what they are providing and whether it is reasonably safe. Rather than spending a lot of time deriving algorithms that push extremist content up the autoplay list, they might go for something that is perhaps a little more society-neutral.

However, this moves away from a model that says they are liable for the speaker’s content. It is saying that they have a responsibility for the space and should focus much more on that rather than on individual instances of identifiable bad content. There will always be a link, obviously, and if there are lots of problems you might say that that indicates that you have a poor system underneath.

If a platform is notified of problematic content—let us assume that we all agree that it is problematic content—and they do nothing, do we still say that they should be immune, or do we say that it is the sign of a bad system? There are questions here about how the interplay between the system and an individual instance of content would work out. Obviously, at the moment, for the system, they should take down promptly content of which they are aware, and there is a question about the effectiveness of the current system anyway.

That is a different problem. It goes partly to questions about transparency of processes: we do not know how they are monitoring stuff and whether they are prioritising some forms of content over others. So we will look at some speakers more swiftly, and other speakers, because they have a big audience, more slowly: “We give this speaker more leeway than that speaker.” We do not know whether they are doing that.

So I agree that we should have more information, but it should be less at the grace of the social media company and more required in an organised and systematic manner, so that we can actually understand what is going on.

Professor Christopher Marsden: I want to say something on the terminology—of course, as lawyers we will say something about terminology first—and then something about what we can do in practical terms.

On the terminology, unfortunately the term that the media always use is ISP, which is meaningless in European law. We have ISSPs—information society service providers—as Lorna suggested. We also have telcos, an even uglier term, which is the electronic communications service providers (ECSPs). They are of a different category from the service providers themselves, and we are aware that the electronic communications service providers have always been required to have much more regulation than the standard other platforms.

This dates back to the days of telco regulation, and the fact that they are critical infrastructure and there are resilience requirements affects the way we expect them to be monitored. Also, of course, we remember that it is now 15 years since British Telecom first introduced the Cleanfeed system, which was an attempt to block some websites online. It was the beginning of our attempt to regulate content in this way through co-regulation, and there was much debate about that.

I am very happy to share with the Committee the fact that there was a large conference at Georgetown Law School two months ago at which 25 experts presented papers on how to regulate platforms. They are about to be published in an electronic law journal, so I will provide the Committee with that. The American speakers at the conference—they were speakers from the United States of America, I should say, rather than from other parts of the Americas—were looking to the UK for solutions. They are boxed in by their Communications Decency Act of 1996, even though they have attempted to amend it in a very small way. The Act talks about “online service providers” or “interactive service providers”, because it was almost pre-internet.

We have three alternatives. One is not to regulate, but of course that means that the world develops without regulation. The second is that we can regulate all the platforms that we might be concerned about. The third is to regulate only the dominant platforms. One element that we need to be very aware of—it is not just an internet phenomenon, it is much more broad, but it plays out very strongly with the internet—is that, where you have a relatively stable duopoly or oligopoly of companies, they lend themselves very effectively to co-regulation because, of course, you have very few industry players that you have to influence. Obviously market entrants are much harder to regulate. The danger is that you want to regulate, but that when you do you are almost perpetuating a duopoly or oligopoly situation.

So, yes, we might want to regulate Facebook and Google. In February, Facebook and Google announced that between them they were going to appoint 50,000 more content moderators. That sounds like a lot, but given the amount of content they deal with, it is not. It somewhat gives the lie to the idea that artificial intelligence and algorithms are the way we regulate content in future. It is actually Mechanical Turks, people being employed—subcontracted, typically—to carry out these activities, and, by the way, in different parts of the world where their own cultural understanding of the content they are dealing with may not be ideal.

We need to address this question: if we want to regulate, do we want to introduce rules that apply only to the large platforms or to all platforms? We should be aware of the danger that if you apply them to all platforms, you introduce entry barriers. If you apply them only to large platforms, you have the problems of what we might think of as some very unpleasant niche players.

Q3 Baroness Bonham-Carter of Yarnbury: I want to return to Lord Gordon’s initial question as to whether online platforms are publishers or mere conduits. I take Professor Woods’ point that there is a lack of a legal definition of a platform. I did not really appreciate that before. What about the use or misuse of a person’s name, their reputation, without their permission, to sell a product? It is what I think we call fake adverts. Should the platform not take responsibility in that case?

Professor Lorna Woods: The system we have from the electronic commerce directive distinguishes broadly between criminal wrongs and civil wrongs, so a harassment claim could be criminal where defamation is civil. Apart from that, the regime, in terms of immunity from liability, is pretty much the same. It applies to a neutral intermediary when we are talking about a host, which we are on most of these platforms.

There is the question of what “neutral” means, and whether the prioritisation of content, for example by algorithms, is neutral or not. But if we assume that we have a neutral conduit, it has immunity, in the case of criminal law until they actually know about it, or in the case of civil law until they should have known about it or they actually did know about it. Then they must take the content down—or block it or deal with it—expeditiously. But there are questions about what that means when they actually have knowledge. One of the issues is that a lot of the big platforms say, “We have so much data that we cannot actually know”.

Baroness Bonham-Carter of Yarnbury: Do you believe that?

Professor Lorna Woods: They could probably do more. I am not a technologist, but my suspicion is that if I were a business person I would try the argument that I cannot know to put off the evil day of trying to work out how to fix the problem. I am perhaps a little sceptical of “cannot know”. Certainly, there are techniques that are now being used in terrorism and in relation to child pornography in order to keep content down: identifying or watermarking content so that it does not pop up again.

There is a question about whether platforms should be able to just take content down once or whether, once they become aware of it, it should be taken down and stay down.

The consequence of the regime is what I think you are alluding to, which is that it puts the onus on the individual—the victim, if you like—to keep an eye out for problem content and then to persuade the platform to do something about it. That is a problem, especially if you are talking about revenge pornography or something like that. It is really hurtful to expect someone to have to monitor. In the case of the advertising you mentioned, I think there are probably financial costs for somebody whose reputation is—

Baroness Bonham-Carter of Yarnbury: It is a form of identity theft.

Professor Lorna Woods: Yes.

The Lord Bishop of Chelmsford: I wanted to come back to something Dr Nash was saying. I think Professor Marsden started to answer the question that was forming in my mind. You mentioned that child pornography is harmful. It is indeed extremely harmful, and there are other things that Lord Gordon also referred to: hate speech, knife crime, terrorism and all the rest. I think I heard you say that while it would clearly be good for this to be taken down, we do not want to run the risk of damaging people who are making legitimate things, and we cannot read everything.

The platforms cannot have it both ways. They cannot on the one hand be the people through whom we have to access everything on the internet—that is who they want to be; that is the world they have created—and then say that they cannot be responsible for the content. You say that they cannot employ thousands of people to read everything, although now I learn that that is exactly what they are doing.

Could it not be the other way round? Actually, there could be a much more rigorous form of blocking and monitoring content. Then, if a mistake is made, which is bound to happen, the person whose content is blocked applies to say, “Actually, this stuff is entirely innocent. Could you please unblock me?” Why does it have to be this way round?

It felt like your answer was pretty complacent about the real dangers. This is what we could and should be doing on what is a hugely serious and damaging range of issues.

Dr Victoria Nash: I certainly did not mean to sound complacent. Let us have a thought experiment. You ask whether it could be the other way around. Certainly someone could set up a platform, a system today, that would do precisely that. That is precisely what some of the platforms that are focused specifically on children do: they provide a safe space in which content is all moderated, or you can only use certain forms of language, or individuals are white listed. A variety of platforms already do that, but they tend to do it only for children. You could do that for adults, but clearly it would have some pretty big implications.

The idea that everything I might want to say about my family, my friends, my life, would have to be read by a human moderator before it could be posted on a site—

The Lord Bishop of Chelmsford: No, that is not what I am saying. That is an extreme version of what I am saying. I am asking whether there could be a more sophisticated and rigorous way of monitoring what could be damaging and extreme content—and therefore accepting the risk that sometimes quite legitimate content slips through—but also a very clear and transparent way of appealing if my contents had been blocked and that turned out to be right. Then the human element would come in to read it. In other words, turn that whole thing on its head.

Dr Victoria Nash: Just to be clear, you are suggesting a system whereby, again, every bit of content that we want to share would be checked in advance but artificially using algorithms and AI. Is that right? Something like that.

The Lord Bishop of Chelmsford: Yes. They are doing it anyway for their own purposes, are they not? It is not as though this is a new thing to do, is it? It is just a different algorithm. It is not a whole new bit of work. It is just a bit of responsibility.

Dr Victoria Nash: All I can say is that it sounds like a really easy solution. Yet every bit of experience I have ever had with computer-science technologists showing us how you do this suggests that it is remarkably difficult to identify when content falls into a bucket that is so clearly harmful, or maybe just offensive, or maybe clearly fine.

One example is hate speech. A very good research project at the University of Cardiff is trying to identify examples of hate speech on Twitter. It was very interesting to note that while they were trying to train their algorithms to identify it, they worked with a panel of experts, and that even that panel of experts agreed only 75% or 80% of the time, and that was even before getting to training the algorithms.

I suppose my point at the moment is that the technology is not there, this would be heavily restrictive from the perspective of freedom of expression, and, quite frankly, it would place the UK not at the forefront of safety but very much at the forefront of potential censorship, and I would worry about that.

The Chairman: Thank you. We move on to another question, from Baroness Benjamin.

Q4                Baroness Benjamin: We are all aware of, and you have mentioned already, how platforms such as Twitter enable abusive behaviour that you would perhaps not engage in face to face but feel that you can online. The Government’s digital charter states that people should understand the rules that apply to them when they are online, and it commits the Government to protecting people from harmful content and behaviour and is working with industry to encourage the development of technological solutions, which you mentioned.

However, do you not think that users themselves need to play a part? What part should they be playing in establishing and maintaining online community standards for content and behaviour, and should there be some sort of rule book that they need to follow or at least be aware of?

Dr Victoria Nash: Yes, I think there should be. Technically there are. Most of the services that we use have community guidelines or community standards that we are supposed to abide by as users. As I understand it, again there are examples of initiatives by companies that are trying to understand the patterns of behaviour we see here and how we might intervene, as you say, to prevent individuals harassing each other and using abusive language. I cannot remember which companies; one might be Jigsaw, which is talking for example about identifying key words. Instead of preventing you from using those words, it might give you a nudge, a prompt: “Do you really want to use that word? It doesn’t seem to abide by community standards”, et cetera.

The companies could do more perhaps to remind us of those community standards when we are using their services. But, frankly, I also think that we need to do more on the education and parenting side, and we need a much better understanding of exactly what drives people to be quite so vile to each other in this environment. I presume you are asking about both sides, and this is not just a regulatory question but a social question.

Professor Lorna Woods: It is a very interesting question. The dominant companies talk about community standards, but they are not community standards; they are terms of service imposed on their users.

In the case of Facebook or Twitter, it is not about what their users think. There are other platforms that give the users the freedom, within an overarching framework that is about legal content and so on, to set their own standards. Have you heard of Mastodon? It is a Twitter-alike, so it is short communications but it is based on a peering system. Somebody who has the computer space downloads the software and can run an instance of Mastodon. Each of those instances can set its own rules.

British Mastodon says, “We’re all up for robust speech”, which I take as code for shouting at each other. Other groups say expressly “We don’t allow that”. There is a vegan group that says, “You have to accept the principles of veganism”. The feed is based on that user group, but individually you can also subscribe to other groups, so it is not totally fragmenting.

There are possibilities out there. The problem at the moment is that there is too much power in the hands of the big platforms, which are using the phrase “community standards” in one sense but still nudging us towards a whole range of behaviours in another. They are just using community standards as their justification for taking stuff down.

I agree with you that other tools can be invented and about looking at some of what women said about the abuse. Part of the problem is that you cannot mute before you see it, so why has nobody really come up with a system so that as a user you can choose to block categories of content that you do not want to see?

Professor Christopher Marsden: There are two things to say about that. I think we are now realising the value of disgruntled former employees of technology companies telling us a lot about solutions that should have been adopted but were not. As I understand it, Twitter had a fork in the road six years ago. It could have become a much more observant community-friendly platform then but chose not to on commercial grounds.

Venture capitalists used to fund these companies from their inception until they became unicorn companies that were floated on the stock market. Now they fund them from their inception until they arrive just below the merger thresholds and get bought by Facebook or Google. It would be interesting to know from those venture capitalists the extent to which they think they have some social responsibility to ensure that those innovations are not as user-unfriendly as they have been up to now. There is a whole separate question about why people are so extraordinarily vile to each other online. That is something for psychologists to help us to discuss. I think that people have been vile to each other for an extraordinarily long period of time, but it is very interesting to see this irrefutable evidence in front of us of just how awful people are being.

Secondly, in order to persuade these companies to adopt technologies that enable you to prevent this content from being seen in the first place, you need to regulate the code on how these companies program their platforms. That is considered to be some kind of step across the Rubicon and an awful thing to do. They do it to each other all the time. One thing that we have learned over the last couple of months is the extent to which Facebook regulates the environment in which it exists and the way it controls third parties, not through unilateral contracts that it thinks it controls us with but simply because it controls the advertising platform.

The companies are constantly regulating each other’s code, and it would be useful to think about the degree to which we can nudge them—to use that overused expression—towards a more socially responsible use of that code. One of the people who might give you some insights into that might be Sir Tim Berners-Lee, who obviously has a 25-year history of thinking about these things and being publicly very unhappy about the way his baby is being brought up by some of the technology companies. Certainly in the case of Twitter, there was a fork in the road—a point at which it could have done something.

Unfortunately, reporting abuse has become a difficult tool, because so many of the people whose speech we would like to restrict are simply mass-reporting people trying to stop them. So we have this awful situation where alt-right and other groups will simply report en masse somebody trying to reform their speech. So the existing tools that are being used are not working very effectively.

Baroness Benjamin: When we think about the user, many people do not fully understand what they are doing. There are the extremists—they know exactly what they are doing—but for the innocent, children and young people especially, do you think that education is what is needed? Do you think we may drive them to their own dark place that they create themselves where they can be abusive? For instance, on Instagram there is a place where children can go and abuse other children: adults cannot get to it but children can.

The other thing that worries me is whether we will drive people to a system such as WhatsApp: you can do things there that nobody can see. How do you think we can get the user to understand the role they are playing and to take the responsibility they should be taking and see the consequence of their actions?

Dr Victoria Nash: Obviously, since I have been in this space, particularly over the last 10 years, we have seen a proliferation of calls for more digital literacy training. I know it is an Ofcom responsibility, but one thing we lack in this area is that there is not a great deal of evaluation of the interventions that are made or the training programmes that are introduced. This is a big gap at the moment.

You are absolutely right that we need to work far more closely with children, through schools and in out of school programmes, but we could also do a better job of evaluating what we are currently doing and seeing what works in transforming behaviour and in helping children understand the consequences of their actions.

Maybe I can put this a bit more starkly than you did. There is a real danger that someone who is really determined to attack another individual, to bully or harass them, will find a way of doing so. You may make it hard for them to do it on Facebook, but you are right: it is like a game of whack a mole—you shut down that route and they will move on to Instagram or WhatsApp or an even more private channel.

The only solution is the educational and the societal one. That does not mean that we should not act on the other angles too, but I think that is the only one by which we have a real chance of success. The key measures would be massively more funds available for digital literacy training. I know PHSE is coming back up the political agenda, which is great, but we also need more evaluation of the types of scheme we put in place to ensure they are actually working in transforming behaviour.

Professor Christopher Marsden: There was a very interesting speech given last month by Commissioner Vestager, the European Commissioner for Competition, saying that what we have seen created in front of us are essentially addiction platforms. All those little alerts that we get on our smartphone are little dopamine hits: we get a little reward from the fact that we think we are not alone in the world and we are being constantly alerted to new things happening. She pointed out that we allow 13-year-olds to use these platforms perfectly legally in the UK—it differs in different European countries—in a way that we have decided not to do for alcohol, tobacco or other types of addiction. Those are her words rather than mine. And, of course, the world is built on addictive substances, from tea and sugar to everything else, but we should be aware that we are doing this.

We are doing it, actually, because of a United States law, the Child Online Privacy Protection Act 1998, which established the age of 13. We have chosen to do that. We have differing ages of consent for using platforms in different countries across Europe. Germany, for instance, insists on 16. And we are very aware, of course, that children under the age of 13 are signing up to these platforms, with or without their parents’ knowledge. We should just be aware of that. It is interesting to note that this morning in a Select Committee of the other place a psychologist was talking about the way these platforms are used. We should be aware of the way these platforms operate and perhaps ask some of those more profound questions about that.

I just make one note: 10 years ago we were talking about MySpace, and today we talk about Facebook, Instagram and WhatsApp—both of them, of course, owned by Facebook. But at the time it was not just MySpace that was supplanted by Facebook, it was also Bebo, a much more child-friendly, community-aware social network that was trying to keep to European standards. It was a US start-up by an English couple, but it tried to keep to more European standards of co-regulation and it was swept away in the Facebook tide. So we have had options before.

Yes, there are alternative ways, alternative communities, that are much more privacy and community-friendly. These companies have won. I may take a perspective which competition economists would not agree with, but my view is that these companies have won in their space. It is no longer only 10% of the population using a social network, the vast majority do, and they are all using the same one. That is not accidental; it is a feature of the technologies, not a bug. You achieve a dominant position, and once a company has that dominant position we may think about how we want to treat that company.

Q5                Baroness Kidron: I am afraid that I have to declare interests before I ask my question, which is on the back of what you just said. I am the founder of 5Rights and I am working on universal data standards with many international partners. I brought various amendments to the Data Protection Act on the subject. I am a member of the broadband commission on the sustainable development goals and the Royal Foundation’s task force on bullying. I am a director of Freeformers, which is a digital transformation company. I run workshops with children to capture their thinking about the digital environment and I am currently working on and about to publish something about persuasive technology. Sorry about all that.

I was going to ask all of you about the very point that you have made, which is that when we first asked whether these companies should be regulated, everybody took that to be from a content point of view. However, we are increasing the understanding that this is very addictive technology. In fact, the various addictions sit in regulatory frameworks of various kinds. I do not want to use the Bishop’s word, but why did we just accept that? Why are we suddenly saying, “Oh, well, they have won”? Are we ready, and is this the moment, to look at some of the asymmetries of the situation?

I suppose my precise question is this. Do you not think that when we talk about regulation we have to talk about the design of the services as well as the content?

My second question is closely related to that. At various points in your answers you grasped at existing laws, but we are talking about a new space. When we asked whether we should have a new regulatory framework, Professor Woods said that its space is its otherness, but should we not be more imaginative and ask about proportionality and things that are monetised above a certain point? Is there not a whole new way of thinking about this, rather than grasping at 20th-century thinking for a 21st-century situation?

Professor Christopher Marsden: Yes, there is obviously a lot to unpack. I wrote a book five years ago with Ian Brown from Oxford University, who is now at the Department of Digital, called Regulating Code. I agree that if you want to achieve meaningful results, you have to deal with the way the companies regulate us and persuade them to regulate us differently, which means persuading them to change the way they engineer their software.

On the other point about whether we should be thinking much more seriously in relation to the framework, one of the reasons why the United States looks to us in Europe with expectancy to see if we can solve these problems is that we have specific consumer laws that deal with the online environment. I have described the need for what I described as a “prosumer law”. It is an ugly term, but we are all prosumers if we ever update Facebook, Twitter or anything else, or run a blog. We are producers as well as consumers, as well as being citizens, obviously.

The European Commission is talking a lot about moving towards a much more robust framework for the online consumer. It has actually used the overarching phrase “a fair deal for consumers” as what they want to move towards. In the United States, that does not play very well, as it sounds like the second President Roosevelt. Nevertheless, asking, “Okay, what do we need for prosumers?”—admittedly, as you say, 20 years after we recognised the problems—would be a much more holistic way of considering how to solve some of these problems.

Professor Lorna Woods: I said that the spaces analogy, the project I am working on, is looking at the systemic level. That implies that as well as looking at techniques for blocking and such like, it is also looking at the actual structure of the platform and the nudges and the way they encourage us to stay engaged. It is very much in line with what Chris is talking about when he talks about code. I just wonder whether it would help the Committee if I sent through an outline of what we are trying to develop.

The Chairman: I think the Committee would find that very useful. Thank you.

Dr Victoria Nash: I am not sure that I have any other great insights to add to what has already been said.

Baroness Benjamin: I did not declare my interest before I asked my question. I am a champion of the Internet Watch Foundation and a vice-president of Barnardo’s.

The Chairman: Thank you for doing that. I apologise to Lord Goodlad, who I inadvertently slipped down the order of questions. He will ask the next question.

Q6                Lord Goodlad: Can I ask my question in two parts, please? First, what processes do online platforms use to moderate the content that they host, and are those processes fair, effective and transparent?

Secondly, what processes, if any, should be implemented for individuals who wish to reverse decisions and moderate content? Who should be responsible for overseeing those processes?

Professor Christopher Marsden: The first problem is that the dominant platforms, of course, are United States-based platforms, and their moderation processes are designed with a view to the First Amendment to the United States Constitution. This, of course, creates problems, because we do not share their views on hate speech and other elements. That is a major problem. We have an international law that helps us in this space, which is the Council of Europe’s Cybercrime Convention 2001, but the protocol on hate speech to the Cybercrime Convention was never signed by the United States. It signed the cybercrime treaty in its original form from 2001, but not the hate-speech element.

The processes are designed in California, typically, or perhaps in Seattle, depending on the company. The issue in Europe that makes this slightly more awkward is that in the United States they have been quite careful to make sure that there are requirements to put back. This relates to your second question about what happens if your content is taken down and how you appeal. There are appeal procedures that you can go through that were very carefully designed in something grandly entitled the Digital Millennium Copyright Act 1998, which was in fact the United States 1998 copyright reform, which requires put-back.

Unfortunately, even though the E-Commerce Directive is of a slightly later date, it does not have those put-back provisions. Therefore we have often described this in the past as a “shoot first, don’t ask questions” provision. This may answer some of the points which the Bishop made. When content is taken down in Europe, there are no requirements to appeal and put it back up again. You are simply told by whichever service provider it is that you have breached the terms of service—by the way, I imagine that at any one time we have all breached the terms of service, because they are very long unilateral contracts that inevitably we are almost always in breach of—so you do not get a chance to put it back up again.

The closest that we have been to some process that we might recognise as approximating to a legal process is the process that has been instituted by Google under the right to be forgotten law, which is the result of a court case interpreting European law. It is actually more the right to be obscure, because of course Google does not remove the content from the internet; it just removes it from Google searches, although that in effect removes it for most purposes from people’s view.

Under that procedure, Google has dealt with about 2 million cases. They can of course be appealed to data protection authorities and then to courts, but they go through that procedure. That is the closest thing we have had to transparency on a large scale, although I suppose we should also add all the cases that have dealt with domain names and the way those are removed from one party and given to another. That is another example of it happening. But there are not a great number of examples of that actually in process. I realise that I am suggesting a sort of employment creation scheme for lawyers. This is an under-lawyered area of society, so I make no apologies for that necessarily.

Professor Lorna Woods: There is an underlying issue, which is that the whole system is set up by contract, and the companies are not required to do any of that. Bizarrely, if we had thought more about the regulatory framework we could have had a better job. I reiterate what Chris has said about the complete lack of transparency about what happens, who does it and on what basis. We just do not know.

There is an assumption—this is perhaps moving slightly from the question—that platforms are there for us to speak on, so when people talk about freedom of expression it is almost as though the user has a freedom-of-expression right as against the platform. There is no such thing. As a matter of law, rights bite against the Government, not against the company, so you are in the land of positive obligations where the obligations are harder to prove than in the case of a complaint against the state.

Looking more broadly, if you are looking for some sort of regulatory framework, you could look at the essential facilities doctrines from competition law, but although they allow third-party access to private platforms of various sorts, I do not think they would cover this sort of situation. So there is a gap.

Dr Victoria Nash: I think you have beautifully explained why we have this problem. For me, this is a significant area of concern. Given everything we know about the digital charter and the concerns of this Committee, it is very likely that in the future we will ask these private sheriffs, these private companies, to act and take down more and more content in order to comply with the law as well as their community standards.

We could certainly make more progress in two ways, and here I must declare another conflict of interest in that I am involved in an initiative that is planning to do some of this work. First, we could provide guidance on what consumers and users ought to be told and how they are told when their content is taken down, and ideally put measures in place for appeal—the idea that that is part of being a responsible platform in this area.

Secondly, it might be beneficial—and this would probably require regulatory oversight—to have some sort of auditing of this process by an independent third party. I suggest two types of auditing: first, an auditing of the companies’ decisions to remove content to ensure that it meets the complaint that was made or breaks the law that was suggested; and secondly, perhaps, also an auditing of moderation guidelines, again in order to have oversight of the processes and procedures behind these decisions. That would fill a significant gap and help to assuage some of the concerns about chilling effects or unintended consequences of legal and legitimate speech or acts being closed down untransparently.

Lord Goodlad: That is extremely helpful. Do you think that the use of automated content filtering systems that use algorithmic processes to identify harmful content could provide a means for effective self-regulation by platforms?

Professor Christopher Marsden: It is of course an open question, so I do not want to pretend that there is a definitive answer at this stage. The answer will be different next year and the year after, and the Artificial Intelligence Committee has reported on some of these issues.

You will get an enormous number of false positives in taking material down. That is almost inevitable. I do not know whether you have seen the Labrapoodle pages that have shown you that it is very difficult to tell the difference between a picture of an Orangutan and a Labrapoodle, simply because of the nature of the attempts by algorithms to match these things. So we will have a huge number of false positives if we rely very heavily on algorithms to filter.

It will of course need human intervention to analyse these false positives. So as a first step, yes, of course, you can use that, but Google and Facebook are employing 50,000 more people not as a job creation scheme and because of the benevolence of the companies but because they recognise that there will have to be a mixture in order to achieve any kind of aim.

One of the problems is that they are responding to a perceived need to remove more content, rather than addressing what you said in your previous question about fair process and due process in these things. I suspect they will focus on the former to the exclusion of the latter simply because of what I said about the Mechanical Turk idea: that they are subcontracting to people on very low wages. It is certainly not UK minimum wage; it is far below that. That is obviously a great deal cheaper than employing a lawyer to work out whether there should be an appeal to actually put this stuff back online.

I very much agree with Dr Nash about audited self-regulation, which is a form of co-regulation, being a very important element. I fear that the incentive structure that we set up will be an incentive structure for them to demonstrate how much content they have removed, when actually a very important additional question is, “Show us the examples of successful appeals to put content back online”, in order to demonstrate that they are not simply, as I said earlier, shooting first and not asking questions, which would be their tendency.

Q7                Viscount Colville of Culross: Building on other answers you have given, I want to look at the balance that needs to be established by the platforms in ensuring online safety while protecting the rights of expression. You have spoken quite a lot about the problems with takedown notices and how that could lead to overzealous policing of content. Dr Nash talked about audits of this process. Do we leave it to the platforms to deal with the online regime, or do we need determined regulatory intervention, or even law, to make this happen? I know that you have written about this, Professor Marsden.

Also, to move on a bit further, Professor Woods, you have written about Article 10 of the Convention on Human Rights not necessarily covering various aspects of social media. Will you elaborate on that, on what we should be concerned about, and on what the remedy would be?

Professor Lorna Woods: It has just occurred to me that I should have declared that I am a member of the code committee of Impress, which is the Leveson-compliant press regulator. It had entirely slipped my mind. It is a non-remunerated post.

The common interpretation of Article 10 is focusing on the speaker. Article 10.2 gives grounds for the state to restrict speech. Takedown orders would be a prime example of that. Interference must be in the service of the public interest, it must be set down by law and it must be proportionate and necessary in a democratic society.

As for some of the problem speech, hate speech may fall outside the protection of Article 10 altogether. Article 17 of the convention—and there are analogous provisions in the EU charter and in the ICCPR—allows material that seeks to undermine the very purposes of the convention not to be protected. Very forthright political commentary may be restricted, but it has to go through the Article 10.2 analysis. Hate speech, of which Holocaust denial is a prime example, could fall outside the regime altogether.

A lot of the criminal rules we have would have to fit within that framework. That is what has led to the guidelines on prosecution and the high threshold before a prosecution will be brought for speech crimes. As I mentioned, the obligation is on the state, so if you are looking to exercise Article 10 against a private party you are looking for a higher standard. What is engaged with there is more a balancing between the interests of the party. The leading case on this is a British one called Appleby; some protesters wanted to hand out leaflets in a shopping centre and the shopping centre did not let them. They claimed that the UK had failed in its positive obligations. They lost because there were other places where they could go to hand out leaflets and make their point.

So there is a weakness there in trying to claim a right to the internet or to a particular platform. Although the European Court of Human Rights has been concerned about the impact of blocking orders—we talk about collateral censorship—it has been less convinced to find that if you are just cut off from going online to access music you have a right at all. They say that you are not even a victim in that instance. I have argued, particularly in the context of a social media platform where you are engaging with friends or family, that it may be easier to analyse it under Article 8, the right to private life, where the positive obligation seems to kick in at an earlier stage.

Professor Christopher Marsden: Very briefly on the point about comments, you may be aware that there were two conflicting judgments of the European Court of Human Rights. The first was an Estonian case, Delfi AS v Estonia—I prefer to pronounce it “Del-fie” but I am told that is not correct, and in any case it is not really a portent of the future—in which, essentially, a news website was made liable for the comments that were underneath the news article. It was fined for the comments, which of course led news websites across Europe to think that perhaps they would have to do something: either pre-moderate, which of course the BBC has always done but which commercial publishers have always said would require a great deal of investment, or alternatively remove comments altogether. That case has since been followed by a case, which I will not try to pronounce in Hungarian but is essentially MTE v. Hungary, which appears to have restored some kind of balance.

Do you want to say something about the balance?

Professor Lorna Woods: In MTE, the court approved the principles in Delfi. It just came to a different conclusion on the facts. So we are still stuck with the principles from Delfi, although differently applied in MTE.

Professor Christopher Marsden: Yes, it should be said that, without overruling Delfi, they stepped back.

Professor Lorna Woods: It was a chamber decision versus a grand chamber. Delfi was the grand chamber.

The Chairman: Thank you for the clarification.

Professor Lorna Woods: Sorry about that.

Professor Christopher Marsden: This will come back to haunt the Committee in future, I am sure.

We face a profound issue, which is that if we do require prior approval of comments, whether it be on Twitter, a news website or wherever else, we are requiring a great deal more investment, and websites may well choose to remove comment altogether. Depending on your view of comments on news websites, that may be a good or a bad thing. Let us assume that it is a bad thing to remove them altogether.

Dr Victoria Nash: Just one quick response to your other question about whether regulation is needed to balance these concerns. My view is that I would like to see how effective the proposed social media code of conduct coming out of the digital charter will be. My suspicion, given what we said at the beginning about ensuring that we do not impose high regulatory burdens that stifle competition, is that that would be the place to start. If it is not effective, we might move to a more regulatory approach.

Q8                The Lord Bishop of Chelmsford: I want to move us on to an area that we have touched on but have not explored much so far, which is transparency. What information should online platforms provide to users about the use of their personal data, and how should that be presented to them? With the GDPR coming in in less than a month from now, does this in your view provide sufficient protection for individuals in the use of their data, et cetera?

The Chairman: Again, I appeal to witnesses to be reasonably concise.

Professor Christopher Marsden: I shall be, partly because I work with a much greater specialist in this area, Dr Nicolo Zingales, who has just published a book called Regulating Platforms as a result of some United Nations work. I will share it with the Committee.

Our personal data is currently regulated from Dublin and Portarlington in Ireland; it was formerly Portarlington alone, but then it moved to Dublin and Portarlington. If you are not familiar with Portarlington, do not worry: it is a fairly small town in Ireland, but it is where the Irish Data Protection Commissioner was based. Of course, it has never fined Facebook or Google a euro. Fines are not of course the only measure of the effectiveness of statutory regulation, but you might expect something to appear as a sign of effectiveness. As things stand, we are regulated via Ireland.

As I understand, the inquiry in the other place on fake news is dealing with Cambridge Analytica, which is being examined by the Information Commissioner here, but not Facebook, which is still to be the responsibility of the Irish Data Protection Commissioner. That was confirmed by the group of data protection regulators, the Article 29 Working Party. I am somewhat cynical about trying to introduce greater transparency. The greater the transparency, the greater the amount of information you give to users, who do not read it in the first place.

On the contracts available to you—I am sure that Dr Nash can speak to this—an Oxford University study looked at how long it would take you to read the contracts that you agree to. I believe that it takes more than a year to read the contract that you go through in your first hour online. We can of course try to afford greater transparency, but the degree to which that helps us is limited. There is current controversy about the fact that Facebook has essentially relocated the jurisdiction for non-European and non-North American users of Facebook to California, rather than to Dublin, as I think many people assumed it would do. You are told that if you do not agree to the terms of service you can no longer use Facebook. That is a fairly profound response to a failure to accept what are effectively unilateral terms. Transparency is necessary, but it is a small first step towards greater co-regulation.

The Chairman: Do you agree, Professor Woods?

Professor Lorna Woods: Wholeheartedly. There is no point in giving information unless people have the time to read it, understand the ramifications and then have a realistic choice to do something different. I do not think that people do.

On the GDPR, the Facebook removal is interesting and raises the question as to where we will be with that post Brexit. As I understand the Bill, the applied GDPR takes out the extraterritoriality in the GDPR, so we will then be moved to the third country situation.

Dr Victoria Nash: Obviously, I agree with what they said.

On the question of how we can provide information more effectively about what is done with data, I have seen some interesting efforts to move to more icon-based communication. It does not tell you in great detail what is being done with your data, but it identifies whether it is being shared with third parties, for example. That is definitely a step forward. For me, the biggest problem with this, whether you write it out in full or use icon-based systems, is that it takes a great deal of time.

There is an American lawyer called Jack Balkin who, together with Jonathan Zittrain, has introduced the concept of information fiduciaries: the idea that when we are handing over data to online third parties we should be looking not for heavily detailed terms of service and descriptions of exactly how it will be used and where but more for an understanding of this as a professional relationship, where what you want to see is uses of your data that will not come back to harm you.

I know that it is getting quite late in the day, so I will not go into that in more depth, but I can send papers on it. The GDPR has some inadequacies. I am not a lawyer, but the two obvious ones for me are large assumptions about screen-based interactions, when increasingly we are moving towards internet of things devices or home assistants. Again, it is about how you communicate data use in those circumstances.

Secondly, to go back to the point made so well by Baroness Kidron, we should think about younger users and their ability to use services at an age where they are able to understand what the data transfer will mean for them. For me, those are the areas of inadequacy.

Professor Christopher Marsden: We tend far too infrequently to consider the other area of great regulatory arbitrage and changes, which is the financial services industry. One element of the Sarbanes-Oxley Act 2003, which regulates public listed companies in the United States, that should probably have been thought about more by internet lawyers was the placing of personal responsibility on directors of financial services companies to keep data safe. That changed enormously the culture around the risk management of data in financial services companies.

Giving directors personal responsibility to keep data safe or to do other things with it is a useful way of focusing attention. I know that many members of the Committee are directors of companies themselves and will be aware that that does focus the attention.

Q9                Lord Allen of Kensington: I declare my interests. I am chairman of Global Media & Entertainment, I am advisory chair of Moelis & Company, which is an advisory bank to media companies, and I have shareholdings in ITV.

I want to stick with transparency. In a previous inquiry, we had a social influencer who found that, although people could come to her YouTube channel, algorithms were being used to divert funds away from her. Should there be transparency in what algorithms can be used for whatever purposes and the extent to which they can be used in other business models, where arguably their use could be deemed to be fraudulent? I am interested in your thoughts on those areas.

Dr Victoria Nash: My goodness, if we think it is difficult for users to understand the terms of their data use, it is impossible for them to understand how algorithms are directing their online experience. I find it hard to imagine how those might be explained in a way that would be fully transparent to users. It is a huge problem.

I can see two areas where there may be a bit more room for hope. First, it would be great if we could have more algorithmic choice in the use of such services. An example would be something as simple as the chronological Facebook newsfeed versus the items that it thinks you may most want to see. That should be an overt choice. We can imagine other alternatives, too, where you choose to highlight reliable news sources et cetera. Could we not have more overt and explicit algorithmic choice in how our feeds are organised?

Secondly, a colleague of mine, Dr Sandra Wachter, and Brent Mittelstadt are looking at how you might be able to identify examples of discrimination. That is a key thing: you may not want to understand how the algorithm works but you darn well want to know whether it has harmed you in some way. Again, I can forward more information about that approach.

The idea would be that you can use machine learning to identify the factors that seem to influence that decision: that is, you are more likely to be served this job advert if you were this, this and this. I am not convinced about transparency, but there may be other ways to address the problem.

Professor Christopher Marsden: I want to introduce an ugly term: replicability—the ability to replicate the result that has been achieved by YouTube or whatever company is producing the algorithm.

Of course, algorithms change all the time, and one accepts that the algorithm at one particular time, for instance for Google search, is changed constantly, and there are good reasons for it wanting to keep that as a trade secret. But you would like to be able to look at the algorithm in use at the time and, as an audit function, run it back through the data and make sure you can produce the same result. We do this in medical trials all the time; it is a basic principle of scientific inquiry. It would help us to have more faith in what is otherwise a black box that we just have to trust.

I will also mention Michael Veale at UCL, who has been working with Brent, Sandra and others on this, and the idea of going beyond transparency to replicability: to be able to run the result and produce the answer that matches the answer they have. You do so independently, of course. You do not just want to ask the company, “Is that fair?”, because it will say, “Yes, of course, it is fair”. One wishes to do it independently.

If you can produce replicability, you can have much more faith in the system. However, companies will not just volunteer that. It is expensive for them to do, and if it is expensive to show people results it is even more expensive to show them results and make sure that they do not change your liability. They will not volunteer that.

Professor Lorna Woods: Users would need to know the purpose and effect. There is a lot of, “We can’t tell you this, because it’s a trade secret”. I do not think that people need to know your trade secret. They need to know the principles, the purpose and how it works, although when it comes to making sure that that is actually the case, replicability and auditing are probably essential.

I question whether all algorithms are equally legitimate. There is, I think, an extremist algorithm or a phrase that is talked about in relation to YouTube and Facebook that means that when you start watching a video you are then served more and more extreme versions of the content, so your video about how to put a shelf up turns into examples of people drilling holes in their hands or something like that. I do not know whether that sort of algorithm is socially responsible, so I have a question about whether we would want to look at that.

Lord Allen of Kensington: In this particular case, she saw her commission diminish fairly substantially over a very short space of time, so she knew that there was a detrimental effect.

Professor Lorna Woods: Yes.

Lord Allen of Kensington: That was the point you were making. Thank you.

Q10            Baroness McIntosh of Hudnall: There are so many things that I want to ask you as well as the question that I am told I have to ask you—

The Chairman: Indeed. I think we are all in the same boat.

Baroness McIntosh of Hudnall: —but I am not going to.

Dr Nash, right at the beginning, in your opening remarks, you talked about your belief, as I understood it, that we did not need more of anything; we needed to use what we already had more effectively. My question is about the effectiveness of current competition law in renegotiating the activities of the platforms that we have been talking about, particularly given the other issue that has come up: the question of the increasing dominance of a very few of them and the aggregation of smaller start-ups into the larger platforms, which leaves the field marked very heavily by a very few, very large footprints.

First, do any of you think that current competition law is enough, if it were properly applied, to regulate the activities of these platforms?

Secondly, I think it was Dr Woods who made the point earlier about our exit from the EU and the possible deficiencies of the GDPR in relation to our status once we come out of the EU. Are there any specific risks to us post Brexit in competition regulation?

The Chairman: Shall we have Dr Nash’s perspective first?

Dr Victoria Nash: You are asking the non-lawyer first. As a non-lawyer, I would not want to say too much about the efficacy of competition law except to say that to me as an outsider—a non-lawyer—it seems like the wrong hammer to crack this particular nut with. Yes, I can see that there might be inadequacies in competition law, and on the whole it does not take into account data monopoly, for example, or access to large sets of data across different smaller companies.

However, I am not convinced that that would resolve the sorts of problems that we have been thinking about today. Chris made a good point earlier, which is that in some ways it might serve us quite well to have very large companies that can be embarrassed in front of shareholders and Governments and which you can call to give evidence—not always successfully, I know—rather than having a very large number of small innovators who it is harder to use that sort of leverage with.

Those would be my comments, I guess. I will leave it there.

The Chairman: Professor Woods, what do the lawyers think?

Professor Lorna Woods: I guess it depends on the particular concern, but competition law does not take non-economic interests into account too well. That is why we have the public interest provisions in relation to media mergers and so on, and in order to address the problem that Chris has talked about it may be worth thinking about having a public interest test in relation to the tech start-ups—so coming in at a lower threshold—so that the privacy concerns about data monopolies could be considered in their own right and without trying to describe them in purely economic terms.

We have the example of Facebook buying WhatsApp. I think the Commission expressed concern that it could not really talk about the data protection issues, and some years down the line we find WhatsApp data going to Facebook and a lot of the data protection authorities around Europe having to take action. So there is a concern there about the non-economic aspects.

Baroness McIntosh of Hudnall: Just to be clear, you are making a distinction between competition law, which is fundamentally to do with the commercial interest, and the public interest, which is non-economic.

Professor Lorna Woods: Yes.

Baroness McIntosh of Hudnall: Are you suggesting that we already have a model that could be usefully applied, or are you saying that this happened somewhere else but you would have to invent something different in relation to these internet-based providers?

Professor Lorna Woods: I think we could look to the models that we have that sit alongside competition law in this country and that try to deal with non-economic interests. National security is one. Media plurality is another.

The problem is that you struggle to capture the value and the threats to those sorts of interests if you are using a purely economic model. It is a question of how you describe the harms and how you see the market being described. I suspect that Chris could talk more coherently about how economic thought works or does not work.

The other point is that we have network effects, which means that the value to users of the platforms is greater when more people are on them, which pushes the market to bigger providers and the market analysis is not standard. We have competition authorities in this country, so I assume that post Brexit they would take over that role entirely.

Professor Christopher Marsden: I agree with what has been said so far: that there is this great schism between competition lawyers and communications lawyers. It should be said that I am probably a heretic when it comes to competition law; I do not believe that competition law solves the problems in these markets, first, for reasons to do with data protection, which is clearly outwith the ambit of competition law, but, secondly, because many of the monopolies that we have seen emerge in the communications agencies have emerged so fast that the claim that they are durable, permanent monopolies would normally fail the test of competition law.

So competition law will not be a solution. It is actually a wonderful way of parking the issue and saying that we do not have to deal with it. We will come back in 10 years’ time and see where Facebook is, and who knows where we will be in relation to Facebook at that point. That is one issue that emerges.

The other issue is Brexit. I have not mentioned the B word so far, but a lot of people in the industry were surprised to learn that we will be leaving the Digital Single Market post Brexit. That is quite a dramatic step for the UK communications industry to take. If we do, of course, we become a rule taker from Brussels across this set of issues. One reason why people in Georgetown and other places look at us and say, “How do you solve the problem?”, is because we were always considered to be problem solvers in Brussels in Digital Single Market issues.

Leaving aside the cliché of the unsinkable aircraft carrier and the fact that the American companies have huge investments in the UK, the assumption was that we would temper somewhat the views in Brussels that were taken by the other major party—the German-French alliance—on some of these issues. That ability to influence Brussels substantially disappears if and when we Brexit. As a third country, it will be very interesting to see the extent to which we can influence the regulation of platforms.

Brexit opens up new opportunities. I think the Secretary of State has suggested that, for the first time in a very long time, we can rewrite the Electronic Commerce Directive, which terrified almost everyone I have spoken to about it. That really is untying a Gordian knot. It will be very interesting to see what happens. We will be in a very different environment, and while I assume that the Committee will only be able to be very prospective in its discussion about what will happen post Brexit, it means that some of our stable understandings about the intervention of competition law and other things will change very rapidly.

The Chairman: We have only a few minutes left, but you are introduced to our next question. Baroness Bonham-Carter was going to ask about the effects of leaving the European Union. It is at the heart of all public policy at the moment. Would either of the other witnesses like to address that?

Professor Lorna Woods: I suppose there is the Schrems point, if we are talking about data flows, which is that as we move out of the single market we will have to prove that our data protection standards are adequate from the perspective of the EU. There was a rather famous—to lawyers—case called Schrems, in which data flows to the United States were challenged on account of national security surveillance powers. At the moment, we do not have to justify our regime; we are presumed to comply. We will not get the benefit of that doubt once we have exited. One of the big questions that will affect this area is going to be data flows.

The Chairman: Dr Nash, what does Brexit mean to you?

Dr Victoria Nash: I would add that it is not just data flows but data rights for UK citizens, given that we do not have as great a record on preserving those data rights as might have been wished.

Professor Christopher Marsden: There is another point—it might seem very minor, but it is the area I am best known for—which is that we have an Open Internet Regulation. That introduced, first, pan-European mobile roaming, which some of us enjoy. I suppose if we do not leave the country, we do not worry about that disappearing afterwards. The second thing is the net neutrality rules, which are in a state of some flux at the moment. I sit on the advisory panel for a report on the implementation of these rules in Brussels.

A certain problem that will emerge if and when we leave the European Union is that we will no longer be required to follow those rules on, for example, zero rating. One aspect of that that the Committee might be interested in is that when you look at mobile phone contracts in the UK at the moment, many have zero-rating on specific applications—Spotify, for example, and even Netflix, which are very large consumers of data. Most of those do not—none does, as far as I am aware—include the BBC, as a non-commercial player. There is no incentive to allow iPlayer data to be consumed freely in that way.

It will be interesting to see whether there is a divergence in the way the net neutrality rules are implemented. If you invite Ofcom to give evidence, it might be able to say something about that, because Ofcom wrote the rules that we have in Europe. It was the chair of the working party of the body of European regulators in the area. It would be interesting to see, having written the rules, if we then go outside the rules, the extent to which we conform to the rules.

Q11            Baroness Kidron: My question comes in two parts. Listening very carefully, you say when directors in the financial services became responsible, suddenly their normal behaviour got a bit better. That seems like an argument for regulation rather than no regulation. I thought that the points around transparency were very interesting, but when Facebook get a choice they move out of Ireland and into California. I am just curious: is your fear a fear of bad regulation rather than regulation? Please be brief, because I then want to ask just one thing about the international picture.

Dr Victoria Nash: Clearly, I fear bad regulation much more than I fear regulation, but I guess that I want to see evidence of a clear problem that regulation can solve.

Professor Lorna Woods: I suppose nobody wants bad regulation. I am less worried than Dr Nash about the problems that regulation might bring. We have a long history of various forms of regulation of various forms of public communication. We seem to come up with a balance, so it is possible and we should try.

Professor Christopher Marsden: One reason why we constructed the Beaufort scale, with these 12 degrees of co-regulation, is in order to be able to move sectoral regulation up and down the scale according to conditions in society and in the market. That may be a more flexible way. One of the advantages of co-regulation is that the Government can always blame the market for not producing the results they want. They say, “We were not regulating, so it is not our failure”. It is the market’s failure or the user’s failure, even.

Baroness Kidron: Obviously this is a global issue, and it is an international set of agreements that we all ultimately need. Is there a natural place where that should come from? What role do you think the UK could take in trying to establish something at a global level?

Professor Christopher Marsden: Is this the post-Brexit question?

Baroness Kidron: Irrespective, actually.

The Chairman: Inevitably, it is.

Professor Christopher Marsden: I declare an interest in that I have consulted for the Organisation for Economic Co-operation and Development over the last two years on regulation in this area.

Mexico at the time was the largest non-European member of the OECD, aside from the obvious United States. In terms of size of economy, we will become the largest non-aligned member of the OECD post Brexit. The OECD does some fascinating and important work in this area—not direct regulatory work but work that helps to advise on regulation—and I suggest that some of its work has been very influential in assessing what we should do about intermediary liability, for instance. It is a really interesting venue to consider the evidence from. A lot of it is statistical evidence.

The other area is the United Nations Internet Governance Forum (IGF), which apparently will happen this year. Apologies. I am addressing a member of the millennium broadband commission, so I will not perhaps continue on that. You are aware that the United Nations does work in this area because you are doing that work. Forgive me.

The Chairman: Not necessarily all of the Committee is.

Professor Lorna Woods: There are a number of bodies that you could say have an interest. If we are talking about the UN, there is the ITU—the International Telecommunication Union. That is quite a difficult place to get agreements, so I am not sure that I would like to see that body taking up the reins for more content-end stuff. It has a long history on infrastructure and technical standards, although to some extent it is being superseded by the Internet Engineering Task Force, the IETF.

I suppose the problem is that once you get to global levels you are actually dealing with a lot of different perspectives about what is important, what is good and what is necessary. It becomes hugely difficult to get agreement, except at a level of very general abstract principle.

Sometimes some of the documents that come out are actually internally contradictory; you have a statement about the importance of freedom of expression and the next statement is about the importance of somebody’s reputation. I am not sure how far they would really take us. There are some bodies that can do technical stuff quite well, which is important for the practical functioning of the internet, but if you are starting to look at content standards, it is very difficult to get agreement on that. Then, implementation comes down to the nation state.

Dr Victoria Nash: The main function of international organisations in the regulation of the internet is to provide spaces for a variety of different stakeholders to have a say in the governance of the internet, not just nation states. We have mentioned the ITU. UN bodies are more nation-state focused, as you said. It is very difficult to get state-level agreement on these issues. For that very reason, some of the most important ones are those that do not have direct decision-making power, such as the IGF, the IETF and ICANN.

There is also increasingly a space for newer types of international body, which may have a small slice of the pie. The Global Network Initiative, for example, is really interesting and helps to speak to this idea of agreeing international norms or standards to which internationally operating companies that want to abide by it might be held accountable. Again, I do not think that there is a role for the UK Government there, but there is a role for UK citizens and other bodies.

The Chairman: I thank our witnesses for their very comprehensive evidence. The Committee hugely respects expertise and experts and we have a voracious appetite for evidence. You have given us plenty of both and we really appreciate you taking so much time to give us our first set of evidence for this important inquiry. You have also promised us quite a reading list of material. The clerk has written most of it down, but we would appreciate it if you sent us all the reports and written material that you referred to.

Thank you again for joining us and for speaking in English, by the way. It is quite hard for experts always to communicate in clear English, and you all did that very well.