-
is there the chance that when it does come out it'll provide some paths for lower compliance burdens on SMEs/single-person outfits? As I understand the CSAM scanning thing is still slightly in the air as the tech doesn't exist yet/is not widely available..?
From what was published two days ago that seems unlikely, the guidance was relatively clear (linked in the main shutdown thread first post)... a forum would come under "All Services" and "Multi-Risk Services"... and the Multi-Risk services include scanning of content (links, images), as well as additional moderation tools, and training for moderators, etc.
The burden I see isn't just the compliance risk assessment, but the actions needed to mitigate the risk identified.
I am old, so recall the https://en.wikipedia.org/wiki/Gay_Nigger_Association_of_America trolls spamming Slashdot continuously for years... and I recall 4chan and 8chan forum invasions and the uploading of an overwhelming amount of porn onto other forums.
We cannot say that the risk is not there, and the Streisand Effect shows that once it's known how to weaponise the risk then it will be weaponised.
To really mitigate the risk we'd need a much larger team of volunteers, all very active... today if I went on holiday, hiking and stargazing, or did a work trip that took me offline as I'm too busy... it could be 1-2 weeks before I could respond to moderation requests. This is realistic today.
Under the Online Safety Act, whilst the material posted remains unmoderated, harm is caused and the risk is realised.
This is fundamentally my concern... I think there is a path for compliance, but it requires not just legal work, but technical work... on a platform that is a decade old and that only I know intimately today.
There is also a path for not making compliance necessary, which is just to leave it as-is in terms of technical capability (no scanning of content, etc), and to take it fully out of the UK (my involvement ends anyway, hosting moves to France or Germany, someone manages the money side from Europe, all UK specific sites shut down).
We do need to evaluate what would be required to consider the compliance path... but if we cannot meet that standard and no-one wants to take the full liability, then what's the path to just keeping the international side of things and breaking all links with the UK?
Another offer turned up yesterday by a company in the US to give us a shelter... it all works, but only if links to the UK are broken (though I'm inclined towards an EU shelter instead).
You are reading a single comment by @Velocio and its replies.
Click here to read the full conversation.
Velocio
If this moves overseas, wouldn't you still need someone willing to run the servers/backend etc. who is willing to shoulder the risk of enforcement (which is in practice probably low and particularly if they're overseas, though) as long as UK users keep accessing the forum..? Not sure decentralisation necessarily would help unless there is a lot of technical effort to mask IPs etc. of the people involved which is beyond my understanding (because of the wide definition of person/officer in the OSA)! I'd think the majority of the people here are UK based and would probably want access to the forum though, so if it does live on in that form it may be a very different beast to how it is now.
Not to downplay the amount of work needed to comply as you have looked into this the most, but given Ofcom guidance isn't out, is there the chance that when it does come out it'll provide some paths for lower compliance burdens on SMEs/single-person outfits? As I understand the CSAM scanning thing is still slightly in the air as the tech doesn't exist yet/is not widely available..?