About this time of year lots of technology pundits write columns about what they think is going to happen in the upcoming twelve months or so. I have decided to join in.
You don't need to be Einstein to work out that Neelie Kroes's recent announcement is going to loom large on everyone's horizons in 2012 consequently I won't dwell on it. I have written about it recently anyway. This blog will instead look at the macro level, particularly on the policy side and at a number of interesting hardware developments.
Internet enabled TVs with voice commands
The sales of internet enabled TVs are on the way up. This trend is about to be given a major shove. The word on the street is that both Microsoft and Apple are close to bringing out High Definition TVs with wifi and Ethernet connectivity built in. They will offer a range of ways of switching channels or moving between TV and the internet. Among them will be high quality voice recognition software. You will be able speak to the machine and tell it what you want to watch or do, which sites you want to visit. I wonder how it will deal with conflicting demands shouted at it simultaneously in a noisy living room?
It is hard to imagine these TV-computer hybrids arriving in our homes without strong filtering built in and up and running from the get go. Jumping from The Simpsons to Pornhub ought to be difficult, at least straight out of the packaging it should be. Clearly it ought not be impossible. Many households have no kids. They must be able to drop any and all filtering if that's what they want. I know the companies that manufacture the boxes which create all this wizardry are on to this.
But this development will profoundly influence the politics surrounding the perennial arguments about censorship and control of the internet. When the internet is visibly and persistently in everybody's face, occupying a prominent position in collective family life, certainly among families with younger children, it is going to add a whole new dimension to the debate. In fact it will change the debate irrevocably. The closer the internet gets to looking like TV the more it can expect to be treated in an analogous fashion. I guess OFCOM is mulling this over. How will the forthcoming Communications Bill deal with it?
Android will be forced to introduce quality control for apps
I predict that in 2012 one or more apps will make their way into the Android eco system, become very popular and then be exposed as gigantic data rip offs, or worse. Data Protection Registrars and Information Commissioners will cut up rough (again). Google will have to acknowledge that its present (non) system for allowing new apps to go live on the Android platform is not sustainable.
Neelie Kroes has called for improved content classification and if this is seen as encompassing mobile apps, which it must, then that will provide an additional nudge in the same direction.
Public wifi will mimic mobile networks' defaults
Lots of companies and organizations provide free wifi access to the internet for people who come on to their premises. Typically by default such access is unrestricted. All legal content will be viewable.
Imagine sitting in a bookshop or coffee house with your kids and the guy with the large screen laptop at an adjacent table is browsing through hard core porn sites. It's one thing if he is using a dongle or some other means to access the internet under his own steam, you could just ask him to stop or leave, but if your business is providing him with the access you have some responsibility.
In the UK the Olympics will bring this to a head. Large scale public wifi provision is being rolled out across the capital in time for the opening of the games. The Government will not want visitors' memories of London in the summer of 2012 to be clouded by a porn fest provided at UK taxpayers' expense. The defaults for all public wifi will be family-friendly. The leading players have accepted this and in 2012 it will become a reality. In environments which are adult only businesses can do what they like. But on the High Street, hotel lobbies and railway stations other rules should apply.
One big list of child abuse urls
An alliance of the EU, INHOPE, INTERPOL and perhaps some other players will finally produce or cause to be produced one big list of all known urls containing child abuse images. With appropriate levels of security this will be made available to search engines, companies producing filtering products and other enterprises with an appropriate interest.
Attention will also turn to how we determine whether or not companies receiving the list are deploying it correctly and comprehensively. For example, in the UK the IWF updates its list twice per day. Does everyone who receives that list do the same? Should they? If not, why not? What sort of intervals between updates are reasonable? I have heard of one company that takes the IWF updates twice per day but they only update their servers once every eight weeks. That doesn't feel right.
PhotoDNA and similar products will make an impact
Tests on Microsoft's PhotoDNA will be completed and the product will be pronounced fit for purpose working at its present scale, which is not huge. The challenge will be to upgrade it to a point where it embraces more substantial volumes of illegal images, perhaps customized for different jurisdictions. Products similar to PhotoDNA will emerge and offer to play a complementary role or perhaps be complete alternatives. Latching on to video content will become more important and experiments will continue into how we might identify and intercept illegal materials as they move across the network. We should not always have to wait for the images to land on a storage device before acting to remove them from a harmful path.
Attacking both urls and actual images has to be the way forward, particularly as we start to focus more on Peer2Peer and other environments.
Intermediaries will be required to do more to police the internet
As the volumes of a range of different internet crimes continue to grow the practical impossibility of the state or its immediate agents being able to act to control it or enforce the law will become more and more obvious. As a society we are going to have to become more inventive in how we tackle this while making sure always that we do not trample on anyone's human rights.
Notice and Take Down will remain centre stage but it may be supplemented by a new EU wide law which might say
If you take down an item in good faith as the result of an honest and reasonable belief that it was unlawful or otherwise contravened your terms of service, you will be held harmless as long as, upon notice or on realizing that an error has occurred, you put it back up expeditiously.
This touches on the eCommerce Directive and mere conduit status. In 2012 there will be a note of clarification issued by Commissioner Barnier's Directorate. It is likely to help with parts of these concerns.
Up close and personal
More wearable and embedded devices will start coming on to the market. Some are here now e.g. programmable microchips that can be inserted into our bodies to monitor various aspects of our physical health or administer medicines at particular times. Several of these gadgets are or will become internet enabled. That will mean there will be yet more data about us and our whereabouts floating around in the ether.
Here's looking at you or it
There will be more machines looking out at us, analysing our age, gender and buying habits. And we will start to have more ways of looking at things, even from our mobile phones. Remember that scene in Star Wars? Princess Leia suddenly appears in 3D having been dropped on to a nearby table top by R2D2's all-seeing eye. Turns out the eye was also a projector. The Princess tells Obi-Wan Kenobi he's the rebels' only hope in their struggle against the Evil Empire. She begs him to head straight for the planet Alderon with the schematics for the Death Star which she has secreted in R2D2′s innards.
Apple have submitted a patent application for a projector. On to what surfaces it will be able to project and to what size only time will tell. When will they appear in iPhones, iPads and the like? Then there are flexible screens which can be rolled up like paper and, also like paper, unfolded and thereby the dimensions are increased as and when needed.
In development are prototypes of wrap around glasses with ear pieces attached. You can plug a device into them and get the benefit of HiFi sound and High Definition images spread across what looks to you like a 700 inch screen.
The limitations of small form factor devices such as smartphones may soon be a thing of the past. OK maybe not by the end of 2012 but do not forget where you read it first! You will likely still carry around a small electronic device for making voice or voice and video calls but you won't have to squint at a tiny screen to do stuff with it, or manipulate your fingers and thumbs across minute keys to type text. A full size keyboard can be temporarily painted on to anywhere that's convenient. With voice recognition software which is similar to what you use with your new TV at home perhaps even keyboards will become superfluous.
Ensuring age appropriateness and legal compliance
The direction of travel is clear, irreversible and picking up pace.
Increasingly policy makers are talking about the importance of serving up or creating age appropriate content to children and young people who will benefit from age appropriate default privacy settings which ensure that, inter alia, they are not exposed to age inappropriate or age restricted forms of advertising or e-commerce. We are moving towards replicating in the virtual world, as far as we can, practices which have been operational and taken for granted in the real world for several decades.
In that context it is inevitable that the question of age verification or identity authentication will be discussed ever more seriously and urgently. Obviously in lots of instances online a person's age, identity or personal attributes will be completely irrelevant. But in others they will not be. In his Review Reg Bailey said that wherever a company declares it has an age-related policy or wherever there is an age-related requirement imposed by law all companies operating in those markets should be able to show that they are in compliance.
It is implausible to suggest that we will never be able to deal with this problem or that we will forever be stuck where we are right now. 2012 will be a watershed year. The business advantages associated with age verification will become clearer and that, in the end, is why I believe it will happen and become widespread.
Let's pluck a social networking platform at random from thin air, say Facebook. They could have two classes of members. Those who had been age verified as being 18 or above and those who had not. Bear in mind that Facebook insists on a real names policy. Getting your age verified does not in and of itself expose you to any additional risks but, if you were verified as being over 18, you might be given an option to indicate that was the case.
When it comes to dealing with children and young people it is hard to think of a good reason for deliberately avoiding knowing what their true ages are. Once they reach the age of majority everything changes. Permanently. But until then....
For those who had been verified as 18 or more the opportunities to market more products and services to them would multiply. Makes a lot of sense whichever way you look at it.
Data collection and processing
The rules affecting the collection and processing of personal data are fundamental to the way in which policy in this space will develop. In the online world these rules represent the building blocks on which most other endeavours have to be based.
The EU's new draft regulations on the processing of personal data are to be officially published for consultation in January. I am curious to see how closely the published version corresponds with the one that was leaked a few weeks ago.
In the leaked edition it is apparent that for data processing purposes the consent of the individual will remain a cornerstone. This is consistent with and follows the same logic as the recently adopted EU-wide rules on cookies.
At paragraph 27 on page 22 of the leaked document the following statement appears
Children deserve specific protection of their personal data, as they may be less aware
of risks, consequences, safeguards and their rights in relation to the processing of
personal data.
Quite right too. Expect to see more focus on using icons and symbols to highlight important terms and conditions, particularly around aspects of privacy policies. This will benefit nor just children and young people but all of us.
According to the leaked document everyone under the age of 18 will be classified as a child. That said, it does not follow that everyone under the age of 18 will therefore have to have parental consent before they can join any online service or surrender any personal data to any third party. That would be absurd, and could be illegal. As far as I can see the leaked document does not say such an interpretation is the only possible one. It says this is a detail to be resolved at a later date by delegated legislation.
The Article 29 Working Party published a report on social networking in June, 2009. At paragraph 4 (page 11) they said
The Working Party encourages further research on how to address the difficulties surrounding adequate age verification and proof of informed consent.....
If such research has been carried out I am not aware of it.
In Spain they decreed companies wishing to collect and process data from persons below the age of 14 must first obtain a parent's verifiable consent. The UK has no fixed age though in its publication "Personal information online code of practice" the Information Commissioner's Office suggests on page 15 that12 is probably about right. In his report at Recommendation 9, page 17, Reg Bailey hints that the right age might be 16. The Article 29 Working Party was correct. Careful thought and new research are a priority.
Establishing a set of rules for the whole of the EU about the online collection and processing of data from children and young people by commercial companies and other organizations would have far reaching implications. We are a long way off being able to fix a single minimum age below which all companies in every country would be obliged to seek verifiable parental consent before they could collect, process or store data from children and young people. But we could end up with a uniform framework of rules that left it to each Member State to determine which age levels might apply in different situations for persons living in their jurisdiction.
Age appropriate environments
In her letter to CEOs Neelie Kroes specifically referred to age appropriate privacy settings. This is not surprising. The position we are in at the moment is ridiculous.
We know from the EU Kids Online survey that there are countries where over half of all children are misrepresenting their age in order to gain access to services which are not meant for them. A significant number of sub-13 year olds pass themselves off as adults. This means they could be being exposed to some particularly worrying risks e.g. if information about their physical location starts to be broadcast to strangers.
A system where more than 50% of the target group evades the rule with the greatest of ease is not a rule at all. I don't know what you would call it. It's not really a fig leaf because it covers nothing. The USA's FTC blew it on the non-event which was the COPPA Review. The EU may force the pace and require all companies to behave differently here.
Age verification marches forward on other fronts
It is very easy in most countries in Europe to age verify individuals where the applicable age limit is 18 or above. Accessible online databases exist which would allow that to happen cheaply and fast in real time. The UK's gambling industry has done it very successfully and to no ill effect. True enough it is more difficult to do age verification where the relevant age cut off is below 18 but 18 is a big one. Starting with 18 would not be a bad jumping off point. We should not let the best be the enemy of the good. It need not be all or nothing.
Even where age verification systems are said to exist at the moment, outside of the UK's online gambling industry their effectiveness has never been properly scrutinised or independently assessed. Within the UK the systems currently being used by all of our mobile phone networks to age verify persons before deciding whether or not to allow them access to adult content will no doubt be looked at very closely.
And when companies assure us they have systems in place which can detect under age users and they tell us that under age users are promptly dealt with, typically by having their accounts closed down, how do we know how effective such activity is or the scale on which it is working?
EU moves on the sale of age restricted goods and services
Discussions have started at EU level about a new uniform sales law which would allow for greater harmonization of commercial practices and thereby stimulate economic activity by furthering the single market. As these talks progress it will become apparent that we must act to prevent differences in legal regimes among EU Member States opening up transnational trade in age restricted goods and services e.g. if country A allows the sale of fireworks to persons aged 14 or above and country B specifies 18, can companies in country A lawfully sell and ship fireworks to 14 year olds in country B? The answer should be "No", but is it? And even if it is what enforcement machinery exists?
Earlier I said it was unlikely the EU could agree a single age at which a child is deemed capable of rendering personal data about themselves to third parties without first obtaining parental consent. The same is true here in respect of the ages at which different products or services can be sold to children and young people. These things can be very culturally specific. Subsidiarity may trump all other considerations in this case.
However, it might be possible to reach a pan-EU agreement on a small number of products and services which ought to be and probably are age restricted in every country. Alcohol, tobacco, dating services, pornography and gambling might be the easiest to deal with first.
All the best for next year
There you go. That's yer lot. I very much hope that 2012 brings you as much as possible of what you wish for and as little as possible of what you don't.