Comment by reginald78
6 months ago
Doesn't that 18 million minimum disproportionately effect smaller operations risk wise? Or is that the point?
6 months ago
Doesn't that 18 million minimum disproportionately effect smaller operations risk wise? Or is that the point?
Yes, but it sounds like part of the point is that you want to put the fear of the Lord into small-fry operators.
They mention especially in their CSAM discussion that, in practice, a lot of that stuff ends up being distributed by smallish operators, by intention or by negligence—so if your policy goal is to deter it, you have to be able to spank those operators too. [0]
> In response to feedback, we have expanded the scope of our CSAM hash-matching measure to capture smaller file hosting and file storage services, which are at particularly high risk of being used to distribute CSAM.
Surely we can all think of web properties that have gone to seed (and spam) after they outlive their usefulness to their creators.
I wonder how much actual “turnover” something like 4chan turns over, and how they would respond to the threat of a 10% fine vs an £18mm one…
[0] https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
It's worth noting that integrating a CSAM hash scanner is easy to do. It took me a few hours to do the work, including testing and automatic database updates.
HOWEVER: I'm not sure how you would get access to the CSAM hash database if you're were starting a new online image hosting service.
The requirements to sign up for IWF (the defacto UK CSAM database) membership are:
- be legally registered organisations trading for more than 12 months;
- be publicly listed on their country registration database;
- have more than 2 full-time unrelated employees;
- and demonstrate they have appropriate data security systems and processes in place.
Cloudflare have a free[1] one but you have to be a Cloudflare customer.
Am I missing something, or does this make it very difficult to start up a public facing service from scratch?
[0] https://www.iwf.org.uk/membership/how-to-join/
[1] https://blog.cloudflare.com/the-csam-scanning-tool/
> Am I missing something, or does this make it very difficult to start up a public facing service from scratch?
It's by design. Politicians have fallen for big tech lobbyists once again.
Also who says that the hashes provided by your CSAM database of choice are actually flagging illegal data and not also data that whoever runs the database wants to track down? You have no idea. You are just complicit in the surveillance state, really.
Yes. The regulation is set up to destroy smaller startups & organisations; the only folks who have a hope of complying with it are Big Tech.
AKA "regulatory capture".
It's a minimum maximum. The amount is still "up to" and courts rarely assign the maximum penalty for anything. It seems aimed at platforms which really break the rules, but are run at minimal cost. Basically a value of "what do you charge a minimal forum run at cost, with sole purpose of breaking all these rules".
Sure, it's "up to", but how low can you assume things will go? 5% would still destroy someone.
You could look at how penalties are assigned in other court cases which have maximum financial penalties.
It is not 18 million minimum, it is up to 18 million... unless you are so big that the second criteria affects you, then it is up to that.
The purpose of a system is what it does