Safeguarding podcast – The Good Samaritan with the ISPA

By Neil Fairbrother

In this safeguarding podcast we discuss with Andrew Kernahan, Head of Public Affairs for the Internet Services Providers’ Association, the industry’s response to the Online Harms white paper. Also covered is the definition of “harm” itself, the “mere conduit” defence, the impact of new technologies such as DNS over HTTPS and whether ISPs can be Good Samaritans.

http://traffic.libsyn.com/safetonetfoundation/The_Good_Samaritan_with_the_ISPA.mp3

Below is a lightly edited for clarity transcript for those that can’t use podcasts or for those that prefer to read.

Neil Fairbrother

Welcome to another edition of the SafeToNet Foundation’s safeguarding podcast where we talk about all things to do with safeguarding children in the online digital context.

The summer of 1976 was a notable one. Not only was it the one of the hottest and longest ones ever in the UK, it was also when the Internet first came to life with a packetized message being sent from a Californian beer garden of all places, all the way to Boston across a number of different networks and networking technologies, which was a first. I doubt that all those years ago, the computer scientists who made that breakthrough happen imagined that millions of children would have cheap portable computers in their pocket, capable of sending high quality video images to anyone at anywhere, at any time.

Here to talk with us today about the modern Internet is Andrew Kernahan of the Internet Services Providers’ Association.

Not many people will have heard about the Internet Services Providers’ Association or the ISPA as it’s known. What is it, what does it do and what’s your role in the organization?

Andrew Kernahan

So my name is Andrew Kernahan as you said, I’m Head of Public Affairs for the ISPA, the Internet Services Providers’ Association. We are a trade association for Internet Service Providers, our members include some of the big household names you would have heard of like BT, Sky, Virgin, and also lots of smaller Internet service providers too that provide services to businesses, but also to consumers using different types of technology, some described as “full fibre”, which is perhaps the new gold standard connectivity that the country is moving towards.

In addition to Internet service providers that provide connectivity, we also have some Internet services providers as members, people that provide hosting services and other types of online services that are perhaps a bit less well known than your actual ISP connectivity, but [who are] very important in this debate as well.

We have about 150 members, that again range from those Access Providers through to Hosts, through to other kinds of online companies as well. We have a Board that provides overall direction to the Association that consists of about 12 members and we work through various subgroups focusing on policy. One of those is Broadband, another looks at Liability and Online Safety and a third looks at Cyber security.

My role at ISPA is Head of Public Affairs, so I lead our day-to-day contact with Government and policy makers, around Internet policy issues. I’ve been involved in this space for about 10 years, I think this is probably my third, maybe my fourth iteration of some kind of online safety strategy and I suppose the key thing I’ve found in the last 10 years is we’ve gone from quite a small issue that would be perhaps page seven of a newspaper to very much front page news, and in reality, one of the biggest issues politically of the day.

Neil Fairbrother

Okay. Before we get to your response on the White Paper, and thank you for sending me a pre-release copy my Sunday morning was taken up with reading it, many people conflate the Internet with the World Wide Web and even social media. So what is the difference between those three things?

Andrew Kernahan

That’s a really good question. I think terms here are really important. ISPA talks about the internet value chain, which sounds like a bit of a mouthful, but it actually is really, really important. The Internet is essentially a connection of interlinked networks and each company, or network, in that chain has a different role to play. So I mentioned at the start that a lot of our members are Internet service providers in the traditional sense. They are essentially connectivity providers and provide you with access to the Internet. So you’ll pay them probably a monthly subscription and they’ll allow you to connect to the Internet and to access the services that you want to connect.

Secondly, you have what we term traditional Hosting providers or Cloud hosting providers, and they host content for companies, organizations and individuals online, but tend not to have much of an editorial role in what they host and they’re quite neutral in what they do.

Then I think the third category we now call Online Platforms and these are essentially companies that have a role to play online in User Generated Content, so think your social media websites for example, and their business model is often about having more of an editorial role in relation to the content. Therefore there are essentially three different types of companies as we see it, each playing their own role.

Another reason why that’s important is the regulatory regime that surrounds the Internet essentially casts different players with different responsibilities too. So whilst I don’t want to jump straight into the eCommerce regulations as they’re known, which are the regulations that underpin a lot of the liability in this area, they also set different responsibilities for different players. So, for example, an Internet service provider like BT is effectively a “mere conduit”’ so they don’t have any liability for what crosses their network unless there’s a legal challenge to do so. Where a Hosting provider might or does have more responsibility to take action when it receives actual knowledge of content it’s hosting that could be illegal, they have to remove that or to take action expeditiously. And then thirdly, there’s a protection around caching for search.

Neil Fairbrother

Okay. Now coming onto your [response to the Government’s] White paper, you mentioned early on that “parental controls” are there to help users manage what content, in particular children, see. But the term “parental controls” means different things to different people. What do you mean by, or what do your members mean by, “parental controls”?

Andrew Kernahan

So the modern form of parental controls that we refer to are a set of technical tools that are provided by their Service Provider to help them [parents] manage and control access to content online. So some of the big consumer ISPs, the household names, I think more than 92% of the consumer market use them, offer their customers free parental controls as part of their service to allow them to manage the different types of content online. And that could be from things like gambling through to online pornography and everything in between, but crucially it gives parents and carers the ability to tailor the Internet connection and the Internet experience that they might want their children to have. This is obviously done in the home by the router, so it covers all devices in the home and provides a good starting point for protecting people online.

But we’ve always said that it’s not a panacea, not a silver bullet, and we also need to talk about the issue as we’re doing here, to raise awareness of the challenges that exist online and how to create that resilience, so that when people do potentially stumble across things or do interact with harmful content, there’s a resilient character there that can that can deal with that kind of content. And it’s worth saying that filters also have a bit of a limitation when it comes to cyberbullying, and that’s obviously much more of a societal sort of challenge. It’s often to do with conduct and contact between two people. It’s not necessarily possible just to put a filter or a technical fix on some of these big challenging issues.

Neil Fairbrother

Indeed and the Online Harms white paper has a table in it with a long list of what they refer to as “well-defined’ harms and “less well-defined harms”, and cyberbullying forms one of the “less well-defined” online harms. In your response to the white paper, you say that “…the ISPA would suggest that the content regulation should be improved for social media platforms related to a clearly defined set of online harms”, but there’s a bunch of online harms that are not clearly defined. So should we have those “less well-defined” online harms defined?

Andrew Kernahan

So really good question, and I think in a way it goes to the heart of the white paper and what we want to see, which is I think something quite effective and targeted. So rather than big attempts to regulate the Internet, as we’ve seen from some quarters, we feel for this to be most effective there is clearly a case to address behaviours and harmful content on particularly social media sites and user generated content. You’re right, the Government sets out I think about 24 different harms in its white paper, and I’m sure there are others too that people would legitimately and genuinely be able to say, actually these are harms too and haven’t been included. So I think it’s important we have a framework that is quite flexible and allows harms to be updated as and when society evolves, because disinformation for example is a big concern at the moment – elections and so forth – a few years ago that this wasn’t really thought of as an issue.

When it comes to things like bullying, I think we’ve always been of the opinion that you start with clearly illegal harms and content, again child online exploitation is a clear, unambiguous harm that everyone can acknowledge. And I think that’s right at the very top. And then you’d build down with things like terrorism and radicalization. Again, a few years ago, the legality around radicalization and terrorism was not clear, and I think the Government tried to step up on that in recent years for obvious and good reasons.

When it comes to defining “harm”, we think more work is needed to actually to do this. This is a white paper. We’re at the start of this of course, and I think things like cyberbullying need to be addressed as part of that definition.

Neil Fairbrother

Yes. You make a very interesting point actuallu that the “concept of harm” should be clearly defined by Government and neither the Online harms white paper nor the Internet Safety Strategy Green paper actually define what is meant by “harm”, at least in the online context. They’ve got a lot of activities listed in the table in the White Paper; Child Sexual Exploitation and Abuse, Intimidation and cyberbullying and so on. They are kind of activities, but they don’t define what “Harm” is. But we do have a definition of “harm”, a dictionary definition, and mine says it’s “physical or mental damage”. So it’s a pretty clear, succinct definition. So if you say that cyberbullying is a form of activity that results in physical or mental damage, is that not enough of a definition to be working on?

Andrew Kernahan

That’s a very good point. I mean we are not the experts when it comes to defining harm. I’m an industry representative, so that’s where we tried to come in to talk about what’s proportionate and what’s effective. You raise a very good point and I think that’s something in which Government and industry, Charities, the third sector and all stakeholders need to consider as we define what is essentially a new regulatory regime here that will start with harm. I think some lawyers, well paid and well qualified lawyers, need to give this the real look over to make sure that it is sensible and proportionate.

Neil Fairbrother

And you’ve proposed that there should be a sliding scale response to these harms, however they may end up being defined. And quite rightly you said that some things are quite straight forward. They are illegal. Illegal is illegal. That’s absolutely true. But it’s a little bit more complex than that because the impact will vary from child to child. One child may not be impacted by an illegal harm, but another may be impacted by a so-called “legal harm”. So impacting in fact it can lead to suicide and we’ve all seen the dreadful headlines in the papers with cyberbullying and bullying leading to young children taking their own lives. So should the sliding scale perhaps be based on impact as opposed to the Harm?

Andrew Kernahan

I think that’s every one way of looking at it, and let’s be clear, we do very much support legal harms being involved in the white paper in this new framework and not just illegal harms because clearly there are significant issues here that have been raised and are being worked through. So yes, we would support that as a potential option. But for us, this is going to have a new regulator. It’s going to have potentially a new offense and a new approach to how we deal with content in this area. So therefore it needs to start with, I suppose, what is in a way the clearest, which is illegal, and then build off of that.

Neil Fairbrother

Talking about the new regulatory framework, you’re differentiating between traditional ISPs, hosting providers and cloud service providers and others, and one of the ways you differentiated between them is to talk about those who have got control over the content. But if you are a social media company, or an organization that relies on user-generated content as opposed to from a relatively small pool of production houses such as the BBC for example. They will go out and they will subcontract content production out, they may do some themselves, but often they’ll contract out to a relatively small number of production houses. But in the user-generated space, you’ve got according to Mary Meeker’s report that’s just come out, pretty much half the world on the Internet these days. There’s absolutely no control [over content], but they [the social media companies] are the ones that need it most. So how is that balance made do you think?

Andrew Kernahan

So there’s going to be a real challenge for the new regulator. I mean we’ve put in our response that the new regulator’s probably required to look at this and to make sure that things like transparency, accountability and proportionality are brought into play. And what that may mean is there’s a structured approach where they can’t go after every single website or a company that could be in scope here because it’s just too vast and therefore a more proportionate approach looking at where, I suppose more harm is potentially being caused because of sheer numbers.

So to give an example, we’re working on age verification at the moment and the regulator in that space, the BBFC who obviously have a long track record of regulating, for want of a better word, on cinema and films and so forth. They have responsibility for regulating age verification of commercial pornographic sites, and they’ve taken an approach which looks at, or will look at when it’s ultimately brought in, the sites with most visitors therefore where more [protection from] harm is required. They will be issuing notices to those companies to act and then if they don’t act, then they will look at ISP blocking, which again takes a proportionate approach to that.

So I think what we need to be careful about here is not going out to people to say that we are going to be able to solve all the problems that the Internet may or may not cause, we need to be more targeted and focused and look at where effect can be had. And for us, that’s starting with user generated content on social media platforms where at the moment it’s a bit of a patchwork really.

There are obviously policies in place and terms and conditions, so things do get removed online, there are ways to challenge and to complain and to contest. But it’s a bit of a patchwork at the minute. And I think that’s where we think the most effect can be had and ultimately that helps younger people and their parents and carers.

Neil Fairbrother

Yes. Now you mentioned earlier the eCommerce directive in reference to the “mere conduit” defence, and I’d like you to explore that a bit. You did very quickly refer to it, what is the “mere conduit” defence for your members and how would it apply?

Andrew Kernahan

So the “mere conduit” defence comes from the eCommerce Directive that was implemented in the UK as the eCommerce Regulations. This gives protections to ISPs in that they are judged as mere conduit. So all of the activity that is transmitted on their network by their customers they’re not legally liable for unless there is another legal protection or legislation that requires them to act.

So, for example, we have this mere conduit defence, but at the same time copyright infringement blocking takes place by a notice to ISPs to block access to sites that infringe copyright. But crucially, a Judge there is making a determination, or a Court is making the determination, as to whether that content needs to be blocked or not.

And I mentioned age verification as well. So again, we have a regulator that’s put in place to essentially pass blocking injunctions to ISPs to get them to block things that happen on their network. So it’s not a Wild West where ISPs are just given this defence as a mere conduit to not care about what happens on the network, but it does mean that where policymakers and society want ISPs and access providers to act, they need to do so, using ideally legal mechanisms so that ISPs aren’t being the sort of judge and jury of online content.

Neil Fairbrother

Okay. Now there’s a fabulous website called Cyberleagle, it’s a blog site, and [the blogger] Graham has a fantastic way of describing the eCommerce Directive, Article 15 of the eCommerce Directive. He describes it as “the stent that helps keep the arteries of the internet open”, which is a very poetic way for a lawyer to be speaking. And he says that there is a risk that this Directive will not be converted into UK law during the process of leaving EU.

I interviewed Baroness Sal Brinton, the President of the Lib Dems, the other day and she said that we are one eighth of the way through converting EU law into UK law. There are something like 8,000 pieces of legislation and we’ve done a thousand. What happens in October? Because there’s a bit of a hard stop there and we may end up falling out of the EU with no deal. So what happens, is this a good thing for us? Does it mean that we can just do our own thing and disregard Article 15 of the eCommerce Directive? Is there a danger that the law might change as it’s being written, changed, converted with no Parliamentary scrutiny?

Andrew Kernahan

That’s a great question, one we’ve obviously asked of Government and are keen for a positive response. We know that they are aware of this and we’ll be looking to ensure that there is no disruption, but of course no deal Brexit planning is a very complicated piece of work they’re working through. And it’s interesting to note that even in Europe they’re looking again, or will be looking again, under the new Commission at the defences under the eCommerce Directive because they’ve been in place for a while now, since the early two thousands, and they’ve been really successful.

They’ve allowed the internet to innovate and services to flourish and to give us this really important digital economy that so many of us rely upon. But I think also in Europe, they’re aware that potentially some further reform of this might be needed. You’re probably aware that in Europe policymaking takes an awful long time and they take a lot of evidence by committees and all of the stuff that you probably should do actually as a policy maker. In the UK, perhaps sometimes we’re a bit quicker to move than they are in Europe, but I hope and I’m sure the UK Government will be keeping abreast, following and hopefully inputting into reforms of the Directive in Europe as well as looking at what we’re doing here in the UK.

Neil Fairbrother

Okay. One of the suggestions you’ve made is that because your members are of different sizes ranging from huge companies such as BT to smaller ones such as Zen Internet, then different tiers of obligation for intermediaries of different sizes and business models would be a good idea. Would that mean that a smaller ISP would be offering less in the way of protection for online harms though? Would it be better if there was a sliding scale of state funding for the smaller operators? As you get smaller, you get more of it so that then all of your members can offer the same kind of protections for these online harms.

Andrew Kernahan

That’s an interesting question to talk about, potentially public funding for that. We’ve always thought it’s important to have choice in the market and transparency around those choices. So at the moment, if you’re customer of one of the big four consumer ISPs, BT, Sky, Virgin, Talk Talk, 91% plus of the market, you have access to parental control filters and other protections.

But you also have the choice to go with an ISP, perhaps a smaller niche ISP, that might offer you an unfiltered connection and in a way it’s up to those companies to decide whether they think that’s the right thing to do for their customers. ISPA’s specific role is supporting the policy in this area and trying to drive up awareness and standards around things like parental control filters. And the UK ISP market is changing, it doesn’t remain static, so I think there’s people that work at the cutting edge on the policy area with different companies, with different positions. We feel it’s important to try and raise standards and have guidance and so forth to help them understand what best practice looks like from an ISPA perspective.

Neil Fairbrother

Yes, and there’s an interesting blog entry on the Andrews & Arnold website, I don’t have any financial interest here, any connection with Andrews & Arnold, I don’t use their service, but they do make a strong play of this and they say in their FAQ guide “We don’t monitor or intersect or block your internet traffic”. But if you’ve got a Government that is bringing in this legislation, they’re saying actually we want you to do this, then is this a problem for companies like them who say we don’t do it. Is there going to be a bit of a fight here?

Andrew Kernahan

Potentially. So far as mentioned this has had been done on a non-statutory footing and more voluntarily. If it does move to a mandatory for all service providers, there are some interesting issues and questions they will have to face. Andrews & Arnold aren’t a member or ISPA and they speak for themselves very loudly and clearly, but they do make clear that they’re offering an unfiltered connection, and they charge more for their services, perhaps more than a household name would. So people are making that I suppose to use the term “active choice” around who they want to be their ISP.

But we still feel that a proportionate approach is the starting point. A lot of the tools and kit that is used to filter and block is expensive and a lot of the smaller companies just don’t have that infrastructure. So there are legitimate questions there as to what that means for the impact on service providers and potentially on the funding of broadband rollout in the future if there are more obligations put upon it.

As I said, ISPA sees itself as someone that’s looking to raise standards and to advise members on what good looks like, and filters and other services clearly have a role to play. But more than that, it needs education, needs awareness, needs a societal approach to what is a huge set of challenges.

Neil Fairbrother

Now you mentioned the word “good” then and in one of your points you say the creation of a “Good Samaritan” principle across the value chain would also help ISPs to tackle online harms. What do you mean by a Good Samaritan principle?

Andrew Kernahan

So going back to our friend, the eCommerce Directive, companies are precluded from taking too much of their own initiative within their networks. I have to find the exact wording to see which Article it is, but there’s essentially no obligation to monitor and when you do, that potentially could lead to some legal issues. So we feel a Good Samaritan clause to allow companies to be more proactive in looking at what’s happening online, potentially if there are trends around different types of content, or what have you. Allowing them to do that would be a bit of a helpful place to be in 2019, I think.

Neil Fairbrother

So when it comes to looking at content online, there’s some technology that’s also getting a lot of air time and that is DNS over HTTPS, which has some great benefits. It’s great for privacy. Perhaps we can explore that a little bit because if it’s great for privacy and makes things a lot more private, which is what it is intended to do and indeed does do, because it encrypts everything, how do you as an ISP look at what’s going on online? Does this new technology make that harder?

Andrew Kernahan

Yes, so again, really good question. I mean to start with, we think encryption is fundamentally a good thing, just want to stress and make that clear. And there’s clearly lots of benefits in DoH, DNS over HTTPS. A lot of the Internet protocols that were put in place 30 plus years ago have remained largely unchanged, and as you said at the start, the Internet has changed beyond recognition in that time. So I think it’s important that the technical standards that are written do look to improve things like privacy and security around the existing protocols. With DNS over HTTPS, again, we just want to make sure the way it’s implemented in the UK allows for the existing protections that UK users have. For example, the filtering we mentioned earlier, some of the blocking obligations, but also just network management and Cybersecurity are still put in place.

So ISPs use the DNS to manage their networks and to block and to filter and all these important things that I think most users have come to expect. By putting in place some encryption around that, as you say, ISPs will no longer be able to see and have full visibility on that, meaning that the obligation either gets passed potentially to a DNS provider or one of the browser operators that are putting in place DNS over HTTPS.

Neil Fairbrother

What is a browser operator?

Andrew Kernahan

Sorry. Yes, good point. So obviously the main browser operator or web browser is Chrome, run by Google, but there’s also Firefox that Mozilla operates, and Edge as well that Microsoft run, and Safari by Apple.

And encrypting the DNS connection between the browser, that browser manufacturer, that company will then have the view of it rather than the Internet Service Provider. And therefore that raises some questions as to, if Government want people to a block or to filter or to take action, if the ISP can no longer do that then where does that obligation sit?

One option is potentially to look at how DNS over HTTPS is implemented locally. And by that I mean in the UK. So if a policy is put in place in the UK by a browser company, they do it in such a way that allows the UK ISP to still manage that DNS in some way, shape or form, allowing them to carry out the existing protections they put in place.

Neil Fairbrother

The Internet Watch Foundation is quite concerned about this, their CTO has posted a blog recently, and as far as they are concerned, this is a bad thing because it means that their child sexual abuse imagery filter lists which are using a DNS look up, if that’s the right term, will become redundant overnight.

Andrew Kernahan

Yes, and that’s a challenge that we are talking to some of the are manufacturers about but also the Internet Watch Foundation, Governments and other policy makers too. I think in the quest to improve privacy and security online, and there is a case to do that, the unintended consequences that can sometimes follow are important and do need to be addressed.

I mentioned that the impact on the IWF, we don’t want any undermining of the Internet Watch Foundation. I don’t think that’s the intention of people that necessarily write these things in the first place, but clearly there’s more to be done here from a technical perspective as well as a policy perspective.

Neil Fairbrother

One of the key principles of the white paper is a Duty of Care. How could an ISP be shown to be discharging a Duty of Care to children in the online digital context?

Andrew Kernahan

So I think it’d be about the services and tools they put in place to help their customers protect themselves or their children or their family. I think that would be the most important way to do so and to work collaboratively with regulators and policymakers and Government and all those that will be inputting into this new regulatory framework.

ISPs don’t have the complete answer to this. I don’t think any one group does. But I think actively engaging in an open way, providing the services that they do, having that relationship with their customers that, again, they do and they’re one of the few people that actually an end user will pay money to online, is your Internet Service Provider. They’re often the first port of call for any problems, good, bad or otherwise.

And I think it’s to continue to invest in education and awareness campaigns like Internet Matters for example. So you may be aware of the organization that was set up by us and our members originally and has grown since, that provides really excellent guidance for parents and children of different ages. I think that’s the way industry can really help support, alongside adjusting to a new regulatory framework. But it’s going to take probably years to come to fruition and it’s important that we get it right.

Neil Fairbrother

Talking about the end users, I noticed that the ISPA doesn’t think that designated bodies should be able to bring a “super complaint” to the regulator. So a “super complaint” is where a thousands of end users get together and funnel one complaint through one particular body. Why don’t you think that consumers should have that ability to bring a “super complaint” against the Internet Services Providers’ industry?

Andrew Kernahan

So I think at the moment there is the ability to do that from an economic harm perspective. Organisations like Which? and other consumer bodies have this responsibility or have this power to campaign in that way. I think given that we’re at the start of something new, we feel that it might be too quick to jump into giving users the ability to be able to do that. Over time as things evolve, potentially there’s a role to play there.

I think to start with, going back to our point and wanting to get this right and therefore wanting to be effective. So just to give an example of the age verification powers, they were supposed to come in last year, but we’re still awaiting that and obviously there are good reasons for that [delay], but I think it’s important that when looking to regulate in the digital world, we take quite small steps, but we take sensible steps too, to get this right and therefore don’t raise the expectations of people and end up disappointing too many.

Neil Fairbrother

Would a lot of the problems that we’re talking about be avoided if two things happen? You talked about age verification, and the minimum age for being on most social media platforms is 13, and that’s to do with the US COPPA legislation. But if the minimum age to be on social media was raised to 16 and a meaningful non-porous or as non-porous as realistically possible age verification or age estimation process was put in, would that stop a lot of the issues we’re talking about, and we focused on doing those two things instead of doing everything else we’ve been talking about?

Andrew Kernahan

I think it’s an interesting question and with age appropriateness and digital identity, they’re not perfect and I’m sure there are ways that people can circumvent and bypass some of the protections here. So I’d be careful of viewing those as the sort of the panacea or the silver bullet that could solve all this. But young people are using these online services and you have to be realistic and reflect the reality, that’s the reality and will continue to be. So perhaps we need to help to provide support and guidance and help for younger people to be able to navigate the digital world, which is for them just the world. They don’t even use the word digital I’m sure, unlike us, perhaps older people.

Neil Fairbrother

So one final question if you don’t mind as I know we’re running out of time. ISPA is running the annual Internet Heroes and Villains poll or competition. So who’s your Internet Hero and who’s your internet Villain?

Andrew Kernahan

So we have a shortlist. The actual ultimate Hero or Villain will be announced on Thursday at our annual awards ceremony, so we can’t afford to give you a sneak preview as to who the hero will be and the villain for that matter. So we have nominations from the public to put together our short list, by social media, by our members and elsewhere.

We have three heroes at the moment, nominated a couple of officials from the DCMS, who helped to do some work around the ITU. Andrew Ferguson, who is the editor of Think Broadband, which is a really helpful site that provides lots of information about the broadband network in the UK and also Tim Berners Lee, everyone knows who Tim Berners Lee is of course [just in case you don’t know, he invented the World Wide Web].

The Villain’s been a bit more contentious as it often is and we have three nominees shortlisted this year. One is Donald Trump, the President of the United States, that’s ostensibly around his role on upsetting t perhaps the Internet global supply chain, around his potential trade war or trade issues with China. We’ve also got Article 13 and the new copyright legislation from Europe, which is obviously, again, this is all a bit light-hearted, we’re not trying to be too serious. And then finally, Mozilla also in there for the way they’re implementing DNS over HTTPS.

So we’ll see what happens, but there’s been an interesting reaction from users on social media, which of course we we’ve taken to take into account. I mean, the villain is a bit of fun really it’s there just to continue the debate around some of these issues and it’s a light-hearted way to do so

Neil Fairbrother

Andrew, thank you so much for your time. We’ve got to wrap it up here. Thanks for the deep dive into your response to the Online Harms white paper. Thank you.

Andrew Kernahan

Thank you