Taiwan's Digital Intermediary Law is more than Stupid

Yes, this is one of those posts complaning censorship on Gemini again. Consider this as a call for attention as Taiwan (where I live) government tries to push forward a new censorship law. The Digital Intermidary Law[1] is a new law that tries to solve the rampant fake news and disinformation problem in the digital world. However, like most laws, it's a specification of what the NCC (National Communications Commission) wants without any regard how easy it is to abuse the new law. There's no English version of the law yet. IANAL, but I'll do my best to translate into plain English. If you are curious, here's the draft PDF:

There's so much wrong. Not just what's reported on the news. This law fundamentally breaks decentralized systems. Man, the experience reading the C++ spec helped me not falling asleep.

First, the law considers 3 types of providers as intermediary. Which does a good job actually. Basically categorize providers into 3 types. Comms service (IM, social media and ISPs), CDN and storage providers (clould drive). Quote:

(Chinese)
數位中介服務提供者,指提供下列服務者:
(一)連線服務:指透過通訊網路傳輸由使用者提供之資訊,或提供對通訊網路接取之服務或人際通訊服務。
(二)快速存取服務:指專為提升將資訊轉傳至其他使用者之效率,經由通訊網路自動、中介及暫時儲存由使用者提供資訊之服務。
(三)資訊儲存服務:指依使用者要求,而儲存該使用者所提供資訊之服務。

(English)
The following are considered as digital intermediary service providers
1. Connection service: Providing the service to connect the user to the network or provide the service or the human-to-human communication service.
2. Quick access service: Providing the service to improve the speed of transferring the information to other users through the network, through the intermediary and temporary storage of the information provided by the user.
3. Information storage service: Providing the service to store the information provided by the user according to the user's request.

Now is where the weird part starts. It tries to setup some examptions for providers. First for IM/SM/ISP providers. The 3rd rule makes little-to-no sense. They try to exampt ISPs from liability by exampting if data is processed by an automated algorithm and not modified in any way. But, some ISPs utilise a network wide NAT to avoid using too much IPv4 address space. Which has to modify the user's IP header.

It is also not clear if P2P messaging like Jami is considered a service provider. It's likely the tech-illiterate judges looks at Jami and think "Hmm.. it is an application developed by someone. It's a service". Which is not how Jami works. There's no way people could censor encrypted content over a distributed hash table. They can try sybil attack. But that directly contradicts with the criminal law.

(Chinese)
第九條 連線服務提供者,有下列情形者,對其使用者傳輸之資訊,不負民事及刑事責任:
一、該資訊係由使用者所發動或請求。
二、未篩選該資訊之接收者。
三、資訊之處理係經由自動化技術予以執行,且未就該資訊為任何篩選或修改

(English)
For connection service providers The following are the circumstances under which the information transmitted to the user is not subject to civil and criminal liability:
1. The information is provided by a user's request.
2. The information is not filtered by the receiver.
3. The processing of the information is carried out by automation technology and is not filtered or modified by any filtering or modification.

For storage service. It gets even weirder. Appluse that they tried to exampt services providing client side encryption. Providers are not liable if they themselves cannot decrypt the data. However this breaks decentralized stroage like IPFS and GNUNet FS. There is no way to stop illegal contents on decentralized storage. Every node has to agree to remove said content to actually remove it. Gateway operators can blacklist the URL of illegal contents. But that just causes the Streisand effect[2]. As most these gateways are open source, they are also likely to share the blacklist. But that also means people can just run their own node and directly access the illegal content. By trying to ban said content, you make the access and knowledge of it easier and wider.

(Chinese)
第十一條 資訊儲存服務提供者,有下列情形者,對儲存其使用者要求且提供之資訊,不負民事及刑事責任:
一、對涉嫌違法之內容不知悉,且於他人請求損害賠償時,依顯示之事實,亦不能察覺該內容為明顯違法。
二、知悉涉違法內容後,立即移除該資訊或限制其接取。

(English)
For storage service providers. The following are the circumstances under which the information stored by the user is not subject to civil and criminal liability:
1. The provider is not aware of the illegal content and is not able to detect the content as illegal when it is requested for compensation.
2. The provider is aware of the illegal content and immediately removes the content or restricts the access to the content.

Also joke on us. We can't build services that is so secure that providers can't know what's on the platform. Nor we can build services that is so broken that is complies with the law.

(Chinese)
數位中介服務提供者應依法善盡隱私保護及資通安全管理責任

(English)
Digital intermediary service providers should take care of their privacy and security responsibilities properly.

As if these aren't bad enough. Let's see what's in the introduction. Ahh the rule of "not guilty until proven" is totally out of the window.

(Chinese)
線上平臺服務提供者亦應優先處理認證舉報者針對違法內容提出之通知。另為保障使用者之權利救濟管道

(English)
Online platform service providers should prioritize handling the notification of the illegal content. This is to ensure the right of the user to save their rights.

And yes. The goverment is always right. There's no way they are also formed by gullable humans. So the goverment have 100% authority to decide what is true and what is not. I see, I see. A lover of 1984.

(Chinese)
若各該法規主管機關依調查認為該違反法律強制或禁止規定之資訊為謠言或不實訊息,得要求數位中介服務提供者對該資訊為暫時加註警示之處分。

(English)
If a competent authority determines that the information is a false or malicious statement, the provider should request the service provider to add a temporary warning to the information.

That's just the stupidity I can find in 1 hour. I'm sure they broken the entire internet if we consider all the technical details. How GBP, routing, handshake, cache, etc.. works.

Sigh.

Author's profile
Martin Chang
Systems software, HPC, GPGPU and AI. I mostly write stupid C++ code. Sometimes does AI research. Chronic VRChat addict

I run TLGS, a major search engine on Gemini. Used by Buran by default.


  • marty1885 \at protonmail.com
  • GPG: 76D1 193D 93E9 6444
  • Jami: a72b62ac04a958ca57739247aa1ed4fe0d11d2df