Windows will improve user privacy with DNS over HTTPS
Here in Windows Core Networking, we're interested in keeping your traffic as private as possible, as well as fast and reliable. While there are many ways we can and do approach user privacy on the wire, today we'd like to talk about encrypted DNS. Why?
Basically, because supporting encrypted DNS queries in Windows will close one of the last remaining plain-text domain name transmissions in common web traffic.
Providing encrypted DNS support without breaking existing Windows device admin configuration won't be easy. However,
at Microsoft we believe that "we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology."
We also believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier. There is an assumption by many that DNS encryption requires DNS centralization. This is only true if encrypted DNS adoption isn't universal. To
keep the DNS decentralized, it will be important for client operating systems (such as Windows) and Internet service providers alike to
widely adopt encrypted DNS .
With the decision made to build support for encrypted DNS, the next step is to figure out what kind of DNS encryption Windows will support and how it will be configured. Here are our team's guiding principles on making those decisions:
Windows DNS needs to be as private and functional as possible by default without the need for user or admin configuration because Windows DNS traffic represents a snapshot of the user's browsing history. To Windows users, this means their
experience will be made as private as possible by Windows out of the box. For Microsoft, this means we will look for opportunities to encrypt Windows DNS traffic without changing the configured DNS resolvers set by users and system administrators.
Privacy-minded Windows users and administrators need to be guided to DNS settings even if they don't know what DNS is yet. Many users are interested in controlling their privacy and go looking for privacy-centric settings such as app permissions
to camera and location but may not be aware of or know about DNS settings or understand why they matter and may not look for them in the device settings.
Windows users and administrators need to be able to improve their DNS configuration with as few simple actions as possible. We must ensure we don't require specialized knowledge or effort on the part of Windows users to benefit from encrypted DNS.
Enterprise policies and UI actions alike should be something you only have to do once rather than need to maintain.
Windows users and administrators need to explicitly allow fallback from encrypted DNS once configured. Once Windows has been configured to use encrypted DNS, if it gets no other instructions from Windows users or administrators, it should assume
falling back to unencrypted DNS is forbidden.
Based on these principles, we are making plans to adopt
DNS over HTTPS (or DoH) in the Windows DNS client. As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we're open to having other options such as DNS over TLS (DoT) in the future. For now, we're
prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure.
Why announce our intentions in advance of DoH being available to Windows Insiders? With encrypted DNS gaining more attention, we felt it was important to make our intentions clear as early as possible. We don't want our customers wondering if their
trusted platform will adopt modern privacy standards or not.
Wolfenstein 3D is a 1992 US first person shooter by id Software
Wolfenstein 3D is considered one of the grandfathers of the genre. The game was a hit from 1992, building on other popular PC shooters at the time such as DOOM .
However the game was banned in Germany in 1992 for its Nazi symbology. Until now. Wolfenstein 3D has now officially been removed from the German Ban list, more than 25 years after the game was released.
The change of heart is based on a court ruling made in 2018, involving a web-based parody game Bundesfighter 2 Turbo . The game, which is a parody of politicians, featured right-wing leader Alexander Gauland who transformed into a Swastika as one
of his special moves. The developers appealed the symbology censorship applied to the game with Germany's attorney general, who ruled that the exemption of art applies to video games. This then overrules games censorship rules previously applying to Nazi
symbology in German games releases.
In what sounds like a profound change to the commercial profiling of people's website browsing history, Google has announced that it will withhold data from advertisers that categorises web pages.
In response to the misuse of medical related browsing data, Google has announced that from February 2020 it will cease to inform advertisers about the content of webpage where advertising space is up for auction. Presumably this is something along the
lines of Google having an available advert slot on worldwidepharmacy.com but not telling the advertiser that the John Doe is browsing an STD diagnosis page, but the advertiser will still be informed of the URL.
Chetna Bindra, senior product manager of trust and privacy at Google wrote:
While we already prohibit advertisers from using our services to build user profiles around sensitive categories, this change will help avoid the risk that any participant in our auctions is able to associate individual ad identifiers with Google's
contextual content categories.
Google also plans to update its EU User Consent Policy audit program for publishers and advertisers, as well as our audits for the Authorized Buyers program, and continue to engage with data protection authorities, including the Irish Data Protection
Commission as they continue their investigation into data protection practices in the context of Authorized Buyers.
Although this sounds very good news for people wishing to keep their sensitive data private it may not be so good for advertisers who will see costs rise and publishers who will see incomes fall.
ANd of course Google will still know itself that John Doe has been browsing STD diagnosis pages. There could be other consequences such as advertisers sending their own bots out to categorise likely advertising slots.
The US internet giants have got a little too effective at censoring user uploaded videos sonow the world is looking for less well policed alternatives.
An Chinese mainlanders found a temporary alternative in Pornhub. A few Chinese nationals created a channel called the Chinese Communist Youth League. They then posted videos boosting the agenda of authorities in Beijing and criticising the Hong Kong
One shocking video calls rioters cockroaches, a term Hong Kong police have used, and shows a man being set on fire after arguing with protesters. Nearly a dozen of the videos appeared in total which had about 9,000 views and gained 32 subscribers.
A rep for PornHub told The NY Post on Thursday the firm has taken down the videos in question.
The push to abolish blasphemy laws is proceeding apace in many western countries. This is a trend that must be welcomed as a victory for freedom of thought and expression, and for the campaigners who have been pushing for reform, both in countries
like Malta and Denmark where the laws were sometimes employed, and countries like Canada and New Zealand where they had been out of use for decades or longer. In an interconnected world, it is important that bad laws, no matter how seemingly inactive,
should be actively abolished, both because of the risk they may be reactivated, as Ireland saw, but also because they set a dangerous precedent in a world where at least 69 states still have blasphemy or quasi- blasphemy laws on the books.
Victories for freedom of thought and expression
Since the publication of last year's Freedom of Thought Report, three more countries have abolished the crime of blasphemy, in all cases as part of reforms designed to remove laws considered anachronistic or contrary to twenty-first century human rights
In December 2018, the Canadian Senate voted for repeal, as part of a bill intended to remove outdated legislation. Under Section 296 of the Canadian Criminal Code, dating back to 1892 the crime of blasphemous libel was in principle punishable by a prison
term up to two years. Despite a good faith provision protecting opinion delivered in decent language, the law had historically been used to prosecute satire and criticism.
Then, in March 2019, the New Zealand parliament voted to repeal blasphemous libel, again as part of a package of measures to remove anachronistic laws under the Crimes Amendment Bill. The move follows decades of campaigning by Humanist NZ, a national
partner in the End Blasphemy Laws campaign. In their submission to a public consultation on the bill to remove Section 123 of the criminal code, Humanist NZ argued for repeal of blasphemy on the grounds that it was detrimental to the country's capacity
to challenge rights violations committed under so-called blasphemy laws abroad, an argument that was taken up by Justice Minister Andrew Little in favour of repeal. Later arguing for the repeal, Little declared that blasphemy law was out of place with
New Zealand's position as a bastion of human rights.
And similarly, in June 2019, once again as part of a wide-ranging overhaul of the Criminal Code and the Code of Criminal Procedures, Greece dropped the two articles outlawing blasphemy. There were some words of criticism from leaders of the Greek
Orthodox church, however wider public reaction was minimal, and the move was welcomed by the Humanist Union of Greece, which had lobbied on the move for many years, as well as other campaigners for free expression.
Cultures of taboo and regression in law
The divide between countries respecting secular freedom and those which do not is growing however.
It was welcome and celebrated news in October 2018 that a Pakistani Christian woman, Asia Bibi, was finally pardoned from blasphemy allegations dating back to 2009, and was freed and fled to Canada in May 2019. However, the fate of dozens or hundreds of
others accused of blasphemy in the country is more obscure and deeply troubling. One relatively well-known case, Junaid Hafeez, a lecturer accused of blasphemously discussing the life of Muhammad on a closed Facebook group, remain in prison in solitary
confinement. His first defence lawyer quit after receiving death threats, his second defence lawyer was murdered. Others have been disappeared and then charged with blasphemy in connection with accusations that they merely joined atheist groups online.
Extrajudicially, blasphemy accusations lead to mob attacks and murder. Despite occasional attempts to argue for reform, all critical discussion of Pakistan's blasphemy laws stands to be criticized by Islamists as itself an act of blasphemy, leading to
the condemnation and sometimes the assassination of those who even suggest reform of the law.
Meanwhile in Saudi Arabia, a number of accused apostates or blasphemers, some of whom were previously sentenced to death, including Ahmad Al Shamri, Ashraf Fayadh, Waleed Abu al-Khair, and Raif Badawi, have disappeared into the prison system.
While the blasphemy situation in Pakistan is perennially horrific, and the situation for apostates and blasphemers in Saudi and other states enforcing conservative taboos is nothing to be emulated, a number of other countries have actually increased
penalties for such crimes in the past year alone.
The case of Mohamed Cheikh Ould Mkheitir has shaken Mauritania since 2014. Accused of blasphemy and apostasy over an article he wrote about religion and slavery, as a member of a commonly indentured caste himself, Mkheitir was reviled by Islamist groups
and leaders who repeatedly dogged his trial with rallies calling for his death. Mkheitir was imprisoned from early 2014, and handed a death sentence before the end of that year. The death penalty was subsequently commuted, and after years of isolated
imprisonment he was pardoned by the Supreme Court in 2017, but he remained in detention until finally being allowed to leave the country in 2019. The entire long episode is a story of gross injustice against an innocent man, and could have served
responsible lawmakers as a basis on which to talk about the perils of allowing extremists to incite hatred under the guise of blasphemy and apostasy allegations; could have moved the state toward just reforms. Instead, they opted for entrenching
extremist demands, actually increasing the penalties for apostay and blasphemy to a mandatory death penalty as of April 2018.
After some years of staged implementation, the kingdom of Brunei has increased penalties for various crimes against religion including aspotasy and blasphemy, as well as adultery and gay sex. These are now capital crimes. The sultan has said that a
moratorium on the death penalty will be preserved. However, indefinite prison terms are a terrifying prospect for people simply trying to live their lives and express their beliefs. The persecution of innocent people is a high price to pay for an
entirely impossible attempt to impose cultural homogeneity across a society on questions concerning religion and personal morality.
A world divided
Despite the victories in Europe, Canada and New Zealand, then, it remains the case that 69 countries outlaw blasphemy or criticism of religion under similar laws, 6 of those carrying a death penalty.
Meanwhile at least 18 countries outlaw apostasy (the mere fact, or announcing of the fact, of leaving or changing religion), 12 of those carrying a death penalty.
In a major victory for privacy rights, a federal court has held that the federal government's suspicionless searches of smartphones, laptops, and other electronic devices at airports or other U.S. ports of entry are unconstitutional.
In recent years, as the number of devices searched at the border has quadrupled, international travelers returning to the United States have increasingly reported cases of invasive searches.
Documents and testimony we and the Electronic Frontier Foundation obtained as part of our lawsuit challenging the searches revealed that the government has been using the border as a digital dragnet. CBP and ICE claim sweeping authority to search our
devices for purposes far removed from customs enforcement, such as finding information about someone other than the device's owner.
The court's order makes clear that these fishing expeditions violate the Fourth Amendment. The government must now demonstrate reasonable suspicion that a device contains illegal contraband. That's a far more rigorous standard than the status quo, under
which officials claim they can rummage through the personal information on our devices at whim and with no suspicion at all.
Online freedom in Russia is getting worse and worse and the latest laws being considered by the Russian Parliament look set to lead to a further deterioration.
MPs are currently pushing through legislation that would force all computers and mobile devices sold in Russia to come with a series of pre-installed applications which would pose a massive threat to users online security and privacy.
Now the Russian Duma (lower parliament) is considering a law which it claims would protect Russian technology against competition from overseas tech companies.
But protectionism is the least of the Russian people's concerns if this law makes it onto the statute books. Compelling devices to come pre-installed with domestic apps offers the Putin regime a wonderful opportunity to spy on every single Russian
internet user and punish those who deviate from its exacting regulations.
Imagine if ITV had to offer an option to let viewers opt out of adverts whilst continuing to watch for free. There would soon be no ITV. Yet the EU cloud cuckoolanders are trying to force the internet to offer that same option
Its a perennial silly story that gets repeated around the world, that Net Nanny type software reports how many attempts to access porn are made by government ministers, or their staff, or whatever.
Journalists are quit to jump to the conclusion that people are trying to watch Pornhub whilst at work.
In the latest example New Zealand's prime minister has ticked off public servants after it was revealed that staff at several ministries had their access to explicit material blocked hundreds of times. Documents showed, among staff from other ministries,
Department of Conservation staff have been blocked from accessing pornography websites 148 times since January 29.
In reality 148 times is hardly any, 15 times a month for the whole staff. And of course there is an easy explanation for those 148 times. Sites like Melon Farmers are often classed as porn by internet filters as the reason for blocking them from
children. Fair enough Melon Farmers frequently references porn and may indeed not be suitable for children...but it is not a porn website. Those 148 access attempts could easily explained by blocked access to Melon Farmers.
In fact I would argue that 148 blocked access attempts in 10 months rather proves that the staff in question are NOT spending their time watching porn.
Australia's internet censor will block gambling websites hosted offshore under new powers now in effect. Gamblers have been warned by The Australian Communications and Media Authority (ACMA) to withdraw their funds now from any unlicensed overseas
gambling sites before they are blocked.
Internet gambling sites such as Emu Casino and FairGo Casino which are run from Curacao in the Caribbean will be among the first to be blocked, the Sydney Morning Herald reported.
ACMA said on Monday it will ask ISPs to block websites in breach of the Interactive Gambling Act 2001 using new internet censorship powers now in effect. ACMA chair Nerida O'Loughlin said
In many cases these sites refuse to pay significant winnings, or only a small portion. Customers had also experienced illegal operators continuing to withdraw funds from their bank account without authorisation. There is little to no recourse for
consumers engaging with these unscrupulous operators. If you have funds deposited with an illegal gambling site, you should withdraw those funds now.
ACMA publishes a list of licensed gambling services where people can check if online gambling websites are licensed in Australia on their website.
BritBox, the new internet TV joint venture from the BBC and ITV will not include classic homegrown series that are deemed to be inappropriate for fragile modern audiences.
The new £5.99-a-month service, which will also offer shows from Channel 4 and Channel 5, is aiming to compete with Netflix and Amazon Prime Video.
However, bosses have said a range of classic shows, such as the BBC's Till Death Us Do Part and ITV's Love Thy Neighbour , will not appear on the service because of content deemed racist or otherwise unacceptable.
Reemah Sakaan, the senior ITV executive responsible for launching the service confirmed that Till Death Us Do Part, Love Thy Neighbour, and It Ain't Half Hot Mum will all be absent.
There are numerous individual episodes of some shows that will appear on BritBox eg Only Fools and Horses and Fawlty Towers could be deemed inappropriate for modern viewing. However, it is understood that no Fawlty Towers episodes will be
cut from the service, although they will run with warnings about offensive language, (and presumably censor cuts).
The US authorities came down heavily on Google for YouTube's violations of the 1998 US children's data privacy law called COPPA. This ended up with Google handing over $170 million in settlement of claims from the US FTC (Federal Trade Commission).
COPPA restricts operators of websites and online services from collecting the personal information of under-13 users without parental permission. The definition of personal information includes personal identifiers used in cookies to profile internet
users for targeted advertising purposes.
So now YouTube has announced new procedures starting 1st January 2010. All content creators will have to designate whether or not each of their videos is directed to children (aka kid-directed aka child-directed) by checking a box during the upload
process. Checking that box will prevent the video from running personalized ads. This rule applies retrospectively so all videos will have to be reviewed and flagged accordingly.
It is probably quite straightforward to identify children's videos, but creators are worried about more general videos for people of all ages that also appeal to kids.
And of course there are massive concerns for all those creators affected about revenues decreasing as adverts switch from personalised to general untargeted ads.
tubefilter.com ran a small experiment suggesting that revenues will drop between 60 and 90% for videos denies targeted advertising.
And of course this will have a knock on to the viability of producing videos for a young audience. No doubt the small creators will be hit hardest, leaving the market more open for those that can make up the shortfall by working at scale.
Governments around the world are increasingly using social media to manipulate elections and monitor their citizens, tilting the technology toward digital authoritarianism. As a result of these trends, global internet freedom declined for the ninth
consecutive year, according to
Freedom on the Net 2019 , the latest edition of the annual country-by-country assessment of internet freedom, released by Freedom House.
Adding to the problem of meddling by foreign regimes, a new menace to democracy has risen from within, as populist leaders and their armies of online supporters seek to distort politics at home. Domestic election interference marred the online landscape
in 26 of the 30 countries studied that held national votes over the past year. Disinformation was the most commonly used tactic. Authorities in some countries blocked websites or cut off access to the internet in a desperate bid to cling to power.
Mike Abramowitz, president of Freedom House said:
"Many governments are finding that on social media, propaganda works better than censorship. Authoritarians and populists around the globe are exploiting both human nature and computer algorithms to conquer the ballot box, running roughshod over
rules designed to ensure free and fair elections."
Governments from across the democratic spectrum are indiscriminately monitoring citizens' online behavior to identify perceived threats--and in some cases to silence opposition. Freedom House has found evidence of advanced social media surveillance
programs in at least 40 of the 65 countries analyzed.
Adrian Shahbaz, Freedom House's research director for technology and democracy said:
"Once reserved for the world's most powerful intelligence agencies, big-data spying tools are making their way around the world. Advances in AI are driving a booming, unregulated market for social media surveillance. Even in countries with
considerable safeguards for fundamental freedoms, there are already reports of abuse."
The proliferation of sophisticated monitoring tools has reduced people's ability to freely express themselves and be civically active online. Of the 65 countries assessed in this report, a record 47 featured arrests of users for political, social, or
"The future of internet freedom rests on our ability to fix social media. Since these are mainly American platforms, the United States must be a leader in promoting transparency and accountability in the digital age. This is the only way to stop the
internet from becoming a Trojan horse for tyranny and oppression."
Declines outnumber gains for the ninth consecutive year. Since June 2018, 33 of the 65 countries assessed in Freedom on the Net experienced a deterioration in internet freedom. The biggest score declines took place in Sudan and Kazakhstan,
followed by Brazil, Bangladesh, and Zimbabwe. Improvements were measured in 16 countries, with Ethiopia recording the largest gains.
Internet freedom declines in the United States. US law enforcement and immigration agencies increasingly monitored social media and conducted warrantless searches of travelers' electronic devices, with little oversight or transparency. In a number
of troubling cases, the monitoring targeted constitutionally protected activities such as peaceful protests and newsgathering. Disinformation was again prevalent around major political events, spread increasingly by domestic actors.
China is the world's worst abuser of internet freedom for the fourth consecutive year. Censorship reached unprecedented extremes in China as the government enhanced its information controls ahead of the 30th anniversary of the Tiananmen Square
massacre and in the face of persistent antigovernment protests in Hong Kong.
Digital platforms are the new battleground for democracy. Domestic state and partisan actors used propaganda and disinformation to distort the online landscape during elections in at least 24 countries over the past year, making it by far the most
popular tactic for digital election interference. Often working in tandem with government-friendly media personalities and business magnates, semiautonomous online mobs transmitted conspiracy theories, inflammatory views, and misleading memes from
marginal echo chambers to the political mainstream.
Governments harness big data for social media surveillance. In at least 40 out of 65 countries, authorities have instituted advanced social media monitoring programs. These sophisticated mass surveillance systems can quickly map users'
relationships; assign a meaning to their social media posts; and infer their past, present, or future locations. Machine learning enables the programs to find patterns that may be invisible to humans, and even to identify whole new categories of patterns
for further investigation.
Free expression is under assault. A record high of 47 out of 65 countries featured arrests of users for political, social, or religious speech. Individuals endured physical violence in retribution for their online activities in at least 31
Authorities normalize blanket shutdowns as a policy tool. Social media and communication applications were blocked in at least 20 countries, and telecommunications networks were suspended in 17 countries, often in the lead-up to elections or
during protests and civil unrest.
More governments enlist bots and fake accounts to manipulate social media. Political leaders employed individuals to surreptitiously shape online opinions and harass opponents in 38 of the 65 countries covered in this report--another new high.
Freedom House is an independent watchdog organization that supports democratic change, monitors the status of freedom around the world, and advocates for democracy and human rights.
Oliver Dowden, Minister for the Cabinet Office, Priti Patel, Home Secretary and Nicky Morgan MP have called on social media bosses t protect them from abuse. They wrote:
To Mark Zuckerberg Facebook CEO
Jack Dorsey Twitter CEO
Sundar Pichai Google CEO
The UK General Election campaign starts tomorrow. We must ensure robust debate during the campaign does not mutate into intimidation, harassment and abuse.
Freedom of speech is a fundamental tenet of British democracy, and this includes the freedom to speak without being threatened or abused. We must tackle this worrying trend of abuse of people in public life and that certain groups are not deterred from
standing or speaking freely because they fear for their safety.
It is important to distinguish between strongly felt political debate on one hand, and unacceptable acts of abuse, hatred, intimidation and violence.
Chief Constables continue to contact candidates in their force area to re-emphasise the importance of reporting any criminal offences, safety concerns or threats to the police. We know that you have also been working to tackle abusive behaviour on your
platforms, including through delivering training on online safety and creating dedicated reporting channels. We welcome these measures - it is right that processes are in place to deal with cases of abuse or intimidation in an appropriate and timely
As we enter this election period, we are conscious that there are a large number of new candidates who will be unfamiliar with how to seek help if they believe they are being subjected to abuse, and in some cases, illegal activity online. You will be
aware that a number of MPs have also identified the online abuse and threats they receive as a particular concern as we approach another electoral event. Therefore we would encourage you to:
Work together to provide a one stop shop piece of advice for candidates which will include what content breaches your terms and conditions, where to report where they believe content may be breaching these, and what response they can expect from you.
Work with officials and the Political Parties to ensure that safety and reporting guidance reach the widest possible audience of candidates and electoral staff as soon as possible.
Have regular dialogue between you during the campaign to ensure where content or users are breaching your terms and conditions, this information is shared between you to reduce a lag time in action as abusive material or users migrate between platforms.
Continue to have an open and regular dialogue with the security, policing and electoral authorities. We will ask officials to liaise with you on the best way to take this forward.
Protecting our democracy and ensuring this election is fought fairly and safely is all our responsibilities. We trust that you are taking the necessary steps to ensure this is the case during the forthcoming election period, and look forward to you
providing an update on this.
The UK Parliament's Joint Committee on Human Rights has reported on serious grounds for concern about the nature of the "consent" people provide when giving over an extraordinary range of information about themselves, to
be used for commercial gain by private companies:
Privacy policies are too complicated for the vast majority of people to understand: while individuals may understand they are consenting to data collection from a given site in exchange for "free" access to content, they
may not understand that information is being compiled, without their knowledge, across sites to create a profile. The Committee heard alarming evidence about eye tracking software being used to make assumptions about people's sexual orientation, whether
they have a mental illness, are drunk or have taken drugs: all then added to their profile.
Too often the use of a service or website is conditional on consent being given -- raising questions about whether it is freely given
People cannot find out what they have consented to: it is difficult, if not nearly impossible, for people - even tech experts - to find out who their data has been shared with, to stop it being shared or to delete inaccurate
information about themselves.
The consent model relies on individuals knowing about the risks associated with using web based services when the system should provide adequate protection from the risks as a default..
It is completely inappropriate to use consent when processing children's data: children aged 13 and older are, under the current legal framework, considered old enough to consent to their data being used, even though many adults
struggle to understand what they are consenting to.
Key conclusions and recommendations
The Committee points out that there is a real risk of discrimination against some groups and individuals through the way this data is used: it heard deeply troubling evidence about some companies using personal data to ensure that
only people of a certain age or race, for example, see a particular job opportunity or housing advertisement.
There are also long-established concerns about the use of such data to discriminate in provision of insurance or credit products.
Unlike traditional print advertising where such blatant discrimination would be obvious and potentially illegal personalisation of content means people have no way of knowing how what they see online compares to anyone else.
Short of whistleblowers or work by investigative journalists, there currently appears to be no mechanism for protecting against such privacy breaches or discrimination being in the online "Wild West".
The Committee calls on the Government to ensure there is robust regulation over how our data can be collected and used and it calls for better enforcement of that regulation.
The Committee says:
The "consent model is broken" and should not be used as a blanket basis for processing. It is impossible for people to know what they are consenting to when making a non-negotiable, take it-or-leave-it "choice"
about joining services like Facebook, Snapchat and YouTube based on lengthy, complex T&Cs, subject to future changes to terms.
This model puts too much onus on the individual, but the responsibility of knowing about the risks with using web based services cannot be on the individual. The Government should strengthen regulation to ensure there is safe
passage on the internet guaranteed
Its completely inadequate to use consent when it comes to processing children's data,. If adults struggle to understand complex consent agreements, how do we expect our children to give informed consent? The Committee says setting
the digital age of consent at 13 years old should be revisited.
The Government should be regulating to keep us safe online in the same way as they do in the real world - not by expecting us to become technical experts who can judge whether our data is being used appropriately but by having
strictly enforced standards that protect our right to privacy and freedom from discrimination.
It should be made much simpler for individuals to see what data has been shared about them, and with whom, and to prevent some or all of their data being shared.
The Government should look at creating a single online registry that would allow people to see, in real time, all the companies that hold personal data on them, and what data they hold.
The report is worth a read and contains many important points criticising the consent model as dictated by GDPR and enfoced by ICO. Here are a few passages from the report's summary:
The evidence we heard during this inquiry, however, has convinced us that the consent model is broken. The information providing the details of what we are consenting to is too complicated for the vast majority of people to understand. Far too often, the
use of a service or website is conditional on consent being given: the choice is between full consent or not being able to use the website or service. This raises questions over how meaningful this consent can ever really be.
Whilst most of us are probably unaware of who we have consented to share our information with and what we have agreed that they can do with it, this is undoubtedly doubly true for children. The law allows children aged 13 and over to give their own
consent. If adults struggle to understand complex consent agreements, how do we expect our children to give informed consent. Parents have no say over or knowledge of the data their children are sharing with whom. There is no effective mechanism for a
company to determine the age of a person providing consent. In reality a child of any age can click a consent button.
The bogus reliance on consent is in clear conflict with our right to privacy. The consent model relies on us, as individuals, to understand, take decisions, and be responsible for how our data is used. But we heard that it is difficult, if not nearly
impossible, for people to find out whom their data has been shared with, to stop it being shared or to delete inaccurate information about themselves. Even when consent is given, all too often the limit of that consent is not respected. We believe
companies must make it much easier for us to understand how our data is used and shared. They must make it easier for us to opt out of some or all of our data being used. More fundamentally, however, the onus should not be on us to ensure our data is
used appropriately - the system should be designed so that we are protected without requiring us to understand and to police whether our freedoms are being protected.
As one witness to our inquiry said, when we enter a building we expect it to be safe. We are not expected to examine and understand all the paperwork and then tick a box that lets the companies involved off the hook. It is the job of the law, the
regulatory system and of regulators to ensure that the appropriate standards have been met to keep us from harm and ensure our safe passage. We do not believe the internet should be any different. The Government must ensure that there is robust
regulation over how our data can be collected and used, and that regulation must be stringently enforced.
Internet companies argue that we benefit from our data being collected and shared. It means the content we see online - from recommended TV shows to product advertisements - is more likely to be relevant to us. But there is a darker side to
personalisation. The ability to target advertisements and other content at specific groups of people makes it possible to ensure that only people of a certain age or race, for example, see a particular job opportunity or housing advertisement. Unlike
traditional print advertising, where such blatant discrimination would be obvious, personalisation of content means people have no way of knowing how what they see online compares to anyone else. Short of a whistle-blower within the company or work by an
investigative journalist, there does not currently seem to be a mechanism for uncovering these cases and protecting people from discrimination.
We also heard how the data being used (often by computer programmes rather than people) to make potentially life-changing decisions about the services and information available to us is not even necessarily accurate, but based on inferences made from the
data they do hold. We were told of one case, for example, where eye-tracking software was being used to make assumptions about people's sexual orientation, whether they have a mental illness, are drunk or have taken drugs. These inferences may be
entirely untrue, but the individual has no way of finding out what judgements have been made about them.
We were left with the impression that the internet, at times, is like the Wild West, when it comes to the lack of effective regulation and enforcement.
That is why we are deeply frustrated that the Government's recently published Online Harms White Paper explicitly excludes the protection of people's personal data. The Government is intending to create a new statutory duty of care to make
internet companies take more responsibility for the safety of their users, and an independent regulator to enforce it. This could be an ideal vehicle for requiring companies to take people's right to privacy, and freedom from discrimination, more
seriously and we would strongly urge the Government to reconsider its decision to exclude data protection from the scope of their new regulatory framework. In particular, we consider that the enforcement of data protection rules - including the risks of
discrimination through the use of algorithms - should be within scope of this work.