Comment by 2OEH8eoCRo0

Comment by 2OEH8eoCRo0 10 months ago

13 replies

I get a feeling that liability is the missing piece in a lot of these issues. Section 230? Liability. Protection of personal data? Liability. Minors viewing porn? Liability.

Lack of liability is screwing up the incentive structure.

brookst 10 months ago

I think I agree, but people will have very different views on where liability should fall, and whether there is a malicious / negligent / no-fault model?

Section 230? Is it the platform or the originating user that's liable?

Protection of personal data? Is there a standard of care beyond which liability lapses (e.g. a nation state supply chain attack exfiltrates encrypted data and keys are broken due to novel quantum attack)?

Minors viewing porn? Is it the parents, the ISP, the distributor, or the creator that's liable?

I'm not here to argue specific answers, just saying that everyone will agree liability would fix this, and few will agree on who should be liable for what.

  • TheOtherHobbes 10 months ago

    It's not a solvable problem. Like most tech problems it's political, not technical. There is no way to balance the competing demands of privacy, security, legality, and corporate overreach.

    It might be solvable with some kind of ID escrow, where an independent international agency managed ID as a not-for-profit service. Users would have a unique biometrically-tagged ID, ID confirmation would be handled by the agency, ID and user behaviour tracking would be disallowed by default and only allowed under strictly monitored conditions, and law enforcement requests would go through strict vetting.

    It's not hard to see why that will never happen in today's world.

    • malfist 10 months ago

      > It's not a solvable problem

      Lawnmower manufacturers said the same thing about making safe lawnmowers. Until government regulations forced them to

  • StanislavPetrov 10 months ago

    >Protection of personal data? Is there a standard of care beyond which liability lapses (e.g. a nation state supply chain attack exfiltrates encrypted data and keys are broken due to novel quantum attack)?

    There absolutely should be, especially for personal data collected and stored without the express written consent of those being surveilled. They should have to get people to sign off on the risks of having their personal data collected and stored, be legally prevented from collecting and storing the personal data of people who haven't consented and/or be liable for any leaking or unlawful sharing/selling of this data.