Taiwan's Digital Intermediary Law is more than Stupid
Yes, this is one of those posts complaning censorship on Gemini again. Consider this as a call for attention as Taiwan (where I live) government tries to push forward a new censorship law. The Digital Intermidary Law is a new law that tries to solve the rampant fake news and disinformation problem in the digital world. However, like most laws, it's a specification of what the NCC (National Communications Commission) wants without any regard how easy it is to abuse the new law. There's no English version of the law yet. IANAL, but I'll do my best to translate into plain English. If you are curious, here's the draft PDF:
There's so much wrong. Not just what's reported on the news. This law fundamentally breaks decentralized systems. Man, the experience reading the C++ spec helped me not falling asleep.
First, the law considers 3 types of providers as intermediary. Which does a good job actually. Basically categorize providers into 3 types. Comms service (IM, social media and ISPs), CDN and storage providers (clould drive). Quote:
The following are considered as digital intermediary service providers
1. Connection service: Providing the service to connect the user to the network or provide the service or the human-to-human communication service.
2. Quick access service: Providing the service to improve the speed of transferring the information to other users through the network, through the intermediary and temporary storage of the information provided by the user.
3. Information storage service: Providing the service to store the information provided by the user according to the user's request.
Now is where the weird part starts. It tries to setup some examptions for providers. First for IM/SM/ISP providers. The 3rd rule makes little-to-no sense. They try to exampt ISPs from liability by exampting if data is processed by an automated algorithm and not modified in any way. But, some ISPs utilise a network wide NAT to avoid using too much IPv4 address space. Which has to modify the user's IP header.
It is also not clear if P2P messaging like Jami is considered a service provider. It's likely the tech-illiterate judges looks at Jami and think "Hmm.. it is an application developed by someone. It's a service". Which is not how Jami works. There's no way people could censor encrypted content over a distributed hash table. They can try sybil attack. But that directly contradicts with the criminal law.
For connection service providers The following are the circumstances under which the information transmitted to the user is not subject to civil and criminal liability:
1. The information is provided by a user's request.
2. The information is not filtered by the receiver.
3. The processing of the information is carried out by automation technology and is not filtered or modified by any filtering or modification.
For storage service. It gets even weirder. Appluse that they tried to exampt services providing client side encryption. Providers are not liable if they themselves cannot decrypt the data. However this breaks decentralized stroage like IPFS and GNUNet FS. There is no way to stop illegal contents on decentralized storage. Every node has to agree to remove said content to actually remove it. Gateway operators can blacklist the URL of illegal contents. But that just causes the Streisand effect. As most these gateways are open source, they are also likely to share the blacklist. But that also means people can just run their own node and directly access the illegal content. By trying to ban said content, you make the access and knowledge of it easier and wider.
For storage service providers. The following are the circumstances under which the information stored by the user is not subject to civil and criminal liability:
1. The provider is not aware of the illegal content and is not able to detect the content as illegal when it is requested for compensation.
2. The provider is aware of the illegal content and immediately removes the content or restricts the access to the content.
Also joke on us. We can't build services that is so secure that providers can't know what's on the platform. Nor we can build services that is so broken that is complies with the law.
Digital intermediary service providers should take care of their privacy and security responsibilities properly.
As if these aren't bad enough. Let's see what's in the introduction. Ahh the rule of "not guilty until proven" is totally out of the window.
Online platform service providers should prioritize handling the notification of the illegal content. This is to ensure the right of the user to save their rights.
And yes. The goverment is always right. There's no way they are also formed by gullable humans. So the goverment have 100% authority to decide what is true and what is not. I see, I see. A lover of 1984.
If a competent authority determines that the information is a false or malicious statement, the provider should request the service provider to add a temporary warning to the information.
That's just the stupidity I can find in 1 hour. I'm sure they broken the entire internet if we consider all the technical details. How GBP, routing, handshake, cache, etc.. works.
Systems software, HPC, GPGPU and AI. I mostly write stupid C++ code. Sometimes does AI research. Chronic VRChat addict
- marty1885 \at protonmail.com
- Matrix: @clehaxze:matrix.clehaxze.tw
- Jami: a72b62ac04a958ca57739247aa1ed4fe0d11d2df