Security Experts:

Connect with us

Hi, what are you looking for?



Ten Principles for a New Approach to Regulating the Internet

Elizabeth Warren wants to be the Democrat nominee in the 2020 presidential election. Last week she added a new promise to her manifesto: “It’s time to break up Amazon, Google and Facebook,” she announced.

Elizabeth Warren wants to be the Democrat nominee in the 2020 presidential election. Last week she added a new promise to her manifesto: “It’s time to break up Amazon, Google and Facebook,” she announced. This is not a natural for the modern American psyche — success should be rewarded, not challenged. But she believes the current generation of tech giants are unfairly stifling the next generation of tech success.

“I want to make sure that the next generation of great American tech companies can flourish. To do that, we need to stop this generation of big tech companies from throwing around their political power to shape the rules in their favor and throwing around their economic power to snuff out or buy up every potential competitor,” she said. She calls out Facebook buying Instagram and WhatsApp, Amazon forcing to sell at a discounted rate, and Google buying Waze (2013) and DoubleClick (2007) as examples.

The problem for the tech giants is that this is not just a little local difficulty — there seems to be a worldwide groundswell of concern over the power of the tech giants. A UK parliamentary committee has already described them as acting like ‘digital gangsters‘. This weekend, the UK House of Lords Select Committee on Communications published a new report (PDF): ‘Regulating in a digital world’.

The Lords report covers similar ground to Warren. “Facebook’s acquisition of Instagram was perhaps the biggest recent failure of regulation. Instagram was probably the greatest risk to Facebook’s monopoly, although it was not providing exactly the same service: ‘It was slicing off a part of Facebook that people engage with very strongly, which was the photo-sharing part, and creating a social network that could quite healthily run parallel to Facebook’.”

The report points out that big tech’s misuse of personal data makes the case for further regulation compelling, but concludes: “The need for regulation goes beyond online harms. The digital world has become dominated by a small number of very large companies. These companies enjoy a substantial advantage, operating with an unprecedented knowledge of users and other businesses. Without intervention the largest tech companies are likely to gain more control of technologies which disseminate media content, extract data from the home and individuals or make decisions affecting people’s lives.”

It accepts that in the UK there are already more than a dozen digital world regulators — but just as a patchwork of best-of-breed security can leave gaps in security, so a patchwork of regulators can leave gaps in regulation. “The digital world does not merely require more regulation but a different approach to regulation,” say the Lords. There are two fundamentals to the report proposal: a set of ten agreed principles “that shape and frame all regulation of the internet”, and a new Digital Authority to oversee regulation. 

“In this way,” says the report, “the services that constitute the digital world can be held accountable to an agreed and enforceable set of principles.”

The ten principles are:

Parity. This principle says that whatever is illegal offline should also be illegal online. The practice is not so easy. How can you enforce (as opposed to simply require) age limitations in cyber?

Accountability. There needs to be a process or processes to ensure that both individuals and organizations can be held to account for their actions. Microsoft argues that existing legislation needs to be better enforced, rather than new regulation introduced. But, concludes the report, “The evidence suggests that all parties, including internet platforms, regulators and governments, are failing to ensure access to redress.”

Transparency. This is linked to accountability. Without transparency, accountability cannot be enforced. It is particularly important online because of the imbalance of power between the tech giants and their users. Last summer, Canadian company founder Jackson Cunningham, explained how he had been ‘banned’ by AirBNB, with no explanation and no appeal. “Weíre becoming increasingly dependent on a handful of major tech giants to get through our basic daily routine. Imagine waking up one day and no longer being able to check your Gmail, buy things on Amazon, or book an Uber.” It is this sort of opaque and unaccountable behavior that worries the Lords’ committee.

Openness. Openness is a difficult principle. The internet was built on the principle of openness; but one witness to the committee commented, ìchildrenís best interests have been ignored probably because of the utopian vision that all internet users would be treated equally.î But the report is equally concerned about challenges to that ‘openness’, and calls out net neutrality as a pre-requisite. It also notes that the practice of confining users within a ‘walled garden’ also threatens internet openness.

Privacy. Privacy is an obvious principle. Many people would assume it has been covered by GDPR, but the report suggests there is a gap between what the data protection framework provides and what users expect. It adds, “As technological development increasingly results in connected homes, cars and cities, the balance between convenience and privacy will require debate and must be reflected in clear standards.”

Ethical design. The principle here is that internet technology should not be designed to take advantage of psychological insights. Online gaming is perhaps an example. Some games are psychologically designed to keep players online and paying for in-game extras — the game is secondary to the absorption. The same happens with new applications, where the ability to acquire more personal data is the driving force rather than the benefits of the application.

Recognition of childhood. “Any principle-based approach to regulation,” states the report, “must recognize childrenís rights, their legal status and the concept of childhood.”

Respect for human rights and equality. The tech giants frequently stress how their platforms support human rights by protecting dissidents. However, just as they support rights, they can also take them away. Use of the internet is now so deeply embedded in everyone’s everyday life that removal or impairment of access can affect how we live. “With these benefits come risks,” notes the report. “Several witnesses discussed online abuse and harassment directed against specific groups according to gender, sexuality, race or religion.” But it can also be accidental. The increasing and automatic use of algorithms for censorship within platforms can and does get things wrong.

Education and awareness-raising. The principle here is that this should not be left to parents, teachers and the government. “Tech companies which provide online services,” says the report, “should take responsibility for providing educational tools and raising awareness, including raising awareness of how their services work and potential harms of using them.”

Democratic accountability, proportionality and evidenced-based approach. In some ways, this final principle is directed more at the regulators than the internet companies. The committee seems to accept that bad laws are simply bad. But at the same time, self-regulation doesn’t work. Regulation needs to be evidence-based. “In cases of high risk it may be appropriate to act to prevent harm before the evidence is conclusive.” But if it proves to be a bad regulation, there may need to be some mechanism for reversing that regulation. 

In the United States, Elizabeth Warren wants to reduce the power of the big tech giants. In the UK and throughout Europe, there is growing interest in controlling and perhaps curtailing their power. These are just wish-lists; but are indicative of a worldwide concern that big tech has too great an influence on daily life of the people and political governance of the lawmakers. Together, these proposals indicate that internet companies should not consider GDPR as the final say in regulation, but perhaps just the entree to increasing and expanding regulation.

RelatedPocahontas Descendant on Sen. Elizabeth Warren’s DNA test

Related: Ireland’s Data Protection Commission Reports Multiple GDPR Investigations

Related: Google’s $2.73 Billion Fine Demonstrates Importance of GDPR Compliance 

Related: German Competition Watchdog Demands More Control for Facebook Users 

Related: Is Facebook Out of Control? Investigations and Complaints Are Rising

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...

Application Security

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...


U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.