zlacker

I don't understand this decision. Running a website as an individual is a liability risk for all sorts of reasons for which there are simple (and cheap) mitigations. Even if you believe this legislation is a risk, there are options other than shutting down. The overreaction here is no different than when GDPR came in, and we all collectively lost our minds and started shutting things down and then discovered there was zero consequence for mom-and-pop websites. I assume this isn't a genuine post and is actually an attempt at some sort of protest, with no intention of actually shutting down the websites. Or, more likely, they're just old and tired and ready to move on from this period of their life, running these websites.

>>_fjg8+(OP)
What are the simple and cheap mitigations you have in mind?

>>_fjg8+(OP)
I used to frequent the forum about 15 or so years ago. This guy is very level headed and has been around the block a lot. Therefore I don't believe this is purely performative.

>>baggy_+J
Don't run a website personally, set up a separate legal entity. The UK is one of the easiest places in the world to do this and has well-understood legal entities that fit the model of a community-operated organisation (i.e: "community interest company"). The fact that the OP is running such a large community as an individual is bonkers in the first place, independent of this new act.

>>aimazo+12
Personally, I think it's bonkers that an individual can't run an online forum.

>>EpicQu+L
I like and respect the OP and their work. I do not think this is consistent with his previous levelheadedness.

edit: removed unintentional deadnaming

>>_fjg8+(OP)
A fair number of sites hosted and operated outside the European Union reacted to GDPR by instituting blocks of EU users, many returning HTTP 451. Regardless of whether you believe GDPR is a good idea or not (that's beyond the scope of this comment), the disparity in statutory and regulatory approaches plus widely varying (often poor) levels of 'plain language' clarity in obligations, and inconsistent enforcement, it all leads to entirely understandable decisions like this and more of a divided internet.

Thank you to those who have tirelessly run these online communities for decades, I'm sorry we can't collectively elect lawmakers who are more educated about the real challenges online, and thoughtful on real ways to solve them.

>>baggy_+F2
I agree but that ship sailed a decade ago. There's no additional risk with the new bill, it's more of the same. If there are concerns about liability because of this new bill then there should be concerns about liability already.

I sympathise with the OP because at some point everyone becomes too old to deal with the headaches of running a community. I have no opposition to their choice to shut down the forum. I just don't believe liability as a result of the new bill is the reason.

>>aimazo+U2
As I said I haven't frequented the forum for years, so maybe things have changed but I highly doubt this is a knee jerk reaction.

>>aimazo+12
Are you claiming that setting up a CIC removes individual liability for wrongdoing? So, I set up a CIC for running forums, with $0 of assets and negligible running costs, then in the event of a fine I'm scot free?

>>tempfi+H5
Yes. A CIC is just a limited company with some additional community interest obligations. You can set up a limited company to shield yourself from liability (i.e: if your website is sued by a user, your personal assets aren't at risk) and only in exceptional cases (where serious lawbreaking is involved) could you be held personally liable.

Rightly or wrongly, limited companies in the UK provide a high degree of protection for wrongdoing. Defrauding HMRC out of hundreds of thousands of pounds and suffering no consequence is happening day in day out. An Ofcom fine is nothing by comparison.

>>aimazo+Q3
but there is additional risk and liability, because the new act creates more work in order to be compliant (which is what increases the liability), and it increases the risk of being attacked.

there's never been an instance of any of the proclaimed things that this act protects [...] people from, so he should be safe, right?

but despite this, he is already being attacked, and those attacks will not just continue but they are likely to increase because the attack surface has become larger.

>>aimazo+12
It raises the cost and hassle involved from "I need a cheap hosting package" to I need to do paperwork, keep and file accounts, etc.

>>tempfi+H5
Assuming you regard the cost of keeping and filing accounts and other paperwork, annual registration fees, etc. as negligible yes.

>>aimazo+A6
How would that work if someone set up a CIC, used it to rent a VPS and did some grey-hat hacking activities?

>>aimazo+A6
1. Thanks for this very helpful information about how some seemingly quite simple legal manoeuvring can be used to dodge 99% of this law.

2. Doesn't the fact that simple legal manoeuvring can be used to dodge 99% of this law make the law (and laws like it) farcical on its face? Merely an elaborate set of extra hoops that only serves to punish the naive, while increasing everyone's compliance costs?

>>akobol+ad
The law is designed to target large companies that aren't seen as doing enough to prevent harm on the internet. Setting up a CIC doesn't dodge the law, the legal entity (the CIC) remains accountable for conduct on the website. Setting up a CIC removes the risk from the individual website operator because they're no longer operating the website, instead the website is operated by a separate legal entity. The website could still be held accountable for violating the law but the consequence would be the CIC is fined, not the individual behind it. The same principle as any limited liability company.

>>aimazo+Q3
> I just don't believe liability as a result of the new bill is the reason.

It seems like OP is commenting on this thread; you can accuse them of lying directly, if you'd like.

>>aimazo+ce
>the consequence would be the CIC is fined

Does this in practice mean that the original human person would have to pay that fine? What would the consequences likely be for the original human person?

If those consequences remain severe, then it's not a simple legal manoeuvre after all. This reduces farcicality, but also means there's no way for an individual to safely run this kind of website.

If those consequences round to zero, my next question would be: Can a large company spin up a CIC just to shield itself in the same way? (If so, it seems the farce would be complete.)

>>aimazo+ce
In the U.S. we have the concept of "piercing the corporate veil" whereby if you can prove that a LLC (effectively a corporate entity created to shield owner's liability) is a flimsy legal device whose only intent is to skirt laws like this one, you are able to go after the LLC owner personally anyway.

Does the UK have a similar concept?

>>aimazo+U2
thank you for removing the deadname.

>>_fjg8+(OP)
the real risk I see is that as it's written, and as Ofcom are communicating, there is now a digital version of a SWATing for disgruntled individuals.

the liability is very high, and whilst I would perceive the risk to be low if it were based on how we moderate... the real risk is what happens when one moderates another person.

as I outlined, whether it's attempts to revoke the domain names with ICANN, or fake DMCA reports to hosting companies, or stalkers, or pizzas being ordered to your door, or being signed up to porn sites, or being DOX'd, or being bombarded with emails... all of this stuff has happened, and happens.

but the new risk is that there is nothing about the Online Safety Act or Ofcom's communication that gives me confidence that this cannot be weaponised against myself, as the person who ultimately does the moderation and runs the site.

and that risk changes even more in the current culture war climate, given that I've come out, and that those attacks now take a personal aspect too.

the risk feels too high for me personally. it's, a lot.

>>mosbur+Xk
Yes it has the concept. But like the previous poster said, it can only be used in very serious criminal wrongdoing.

>>akobol+Ng
In practice the person would not have to pay the fine. The company would. If the company had no cash to pay it then it could be forced into insolvency.

No a large company can't spin up a CIC to run a business website (because it is not community interest), but it doesn't need to, it is already a limited liability company. However this is not a farce, the limited liability applies to the shareholders, not the company. The company gets fined, and has to pay the fine or risk having its assets siezed.... then the shareholders have lost their company. The liability of the shareholders is limited to the shareholders invested amount, ie the shareholders can't lose any more than they put in. So if the fine was more than the company can afford, the shareholders lose their company, but don't have to pay the rest.

It is not a farce, because losing a profit earning company is bad for a shareholder

>>morkal+3c
If the person committed a criminal offence under the Computer Misuse Act then they would face criminal sanctions, personally.

The Online safety bill gives Ofcom the power to levy regulatory fines, not criminal sanctions, so is very different

>>graeme+4b
Keeping accounts: cost, depends on if you make any money. If you do then you would have to keep accounts even if not a CIC!

Filing accounts: £15. An online form will ask you for your balance sheet summary only unless you are very large.

One off registration:£65

Annual confirmation statement:£34

So depends on your perspective I suppose.

>>jimnot+wK
There are plans to remove the small company p & l exemption and new rules on verifying directors ids. Costs are going up too. It looks like a CIC you can only file online if full accounts. https://find-and-update.company-information.service.gov.uk/a...

You have to keep accounts if a business even if not incorporated. A company has to keep accounts if it has any assets (e.g. a domain) or any financial transactions (e.g. paying for hosting)

You will also probably have to file a tax return. You have to keep a register of shareholders.

In fact if definitely not making a profit a standard ltd might be simpler (or maybe a company limited by guarantee) then a CIC as all a CIC does it add restrictions and extra regulation https://assets.publishing.service.gov.uk/media/5a7b800640f0b...

>>graeme+aO
>You have to keep accounts if a business even if not incorporated

Indeed, so this cost is not relevant to the decision to set up a CIC or not

>>jimnot+lI
Thanks for the explanation. However, there's one thing I've now realised I'm not clear on:

Could a company create a non-CIC sub-company (with ~$0 in assets) to own the website, and thereby shield shareholders of the original company? (If so, I think farcicality is conserved.)

>>baggy_+F2
Personally, I think it's bonkers that you think "I don't have time to comply with the law so I shouldn't have to" is a reasonable position.

>>mosbur+Xk
In a case like the forums in question though you wouldn't set up the LLC so you can skirt the law. You'd set up the LLC and make a good faith attempt to comply with the law.

It may turn out that it is too much work to comply and so you might still need to shut down, but with the LLC you've got a lot more leeway to try without personal risk.

>>jodrel+YY
People who think this law is reasonable are bonkers.

>>baggy_+p51
People who go for reductio ad ad-hom are making low quality internet arguments.

Restauranteurs can't say they don't have time to comply with the law. Construction companies can't. Doctors can't. Why should online service providers be able to?

>>akobol+bR
Yes companies do this kind of thing to try and shield themselves from risk all of the time.

However it probably wouldn't work for a profit seeking company in this case. Big Corp owns Web Corp, and Web Corp owns the site. Which company is operating the site? If it is Web Corp. So when Web Corp gets fined, you lose your site. This is a problem for a profit seeking company, because it lost its value. If Big Corp owned the site, and Web corp operated the site, you may be OK. Your accountancy costs just went through the roof though. Not sure about this law, but some compliance laws treat the group as one whole entity to stop this sort of thing.

Since this applies to laws in general, are you arguing that corporations are a farce? I may be inclined to agree.

Edit: answering your other point, the company could not have no assets, if it owns the site then it has the site as an asset. If it runs the site then it will have cash etc. Etc.

>>jimnot+2P
It is relevant this case. The thread is about moving an activity that is not a business to a company (and for some reason a CIC in particular). If you did it in your own name you would not have to keep accounts.

>>buro9+ou
> the real risk I see is that as it's written, and as Ofcom are communicating, there is now a digital version of a SWATing for disgruntled individuals.

I'm sorry, what precisely do you mean by this? The rules don't punish you for illegal content ending up on your site, so you can't have a user upload something then report it and you get in trouble.

>>jimnot+2w1
I see, thanks.

>So when Web Corp gets fined, you lose your site.

My mind immediately goes in the direction of "Maybe you lost that server, but just buy a new one and change some DNS entries", which isn't free but a lot less than £18M. But maybe there are protections against this kind of scheming? I'd like to think there were.

>If Big Corp owned the site, and Web corp operated the site, you may be OK.

I don't follow -- if Big Corp owns the site, won't it lose everything?

>Since this applies to laws in general, are you arguing that corporations are a farce? I may be inclined to agree.

I think I am actually. They do seem like a way to get something for (almost) nothing (and they seem like they were probably engineered to be this way deliberately).

>>IanCal+2E1
Yes you can https://www.ofcom.org.uk/siteassets/resources/documents/onli...

A forum that isn't proactively monitored (approval before publishing) is in the "Multi-Risk service" category (see page 77 of that link), and the "kinds of illegal harm" include things as obvious as "users encountering CSAM" and as nebulous as "users encountering Hate".

Does no-one recall Slashdot and the https://en.wikipedia.org/wiki/Gay_Nigger_Association_of_Amer... trolls? Such activity would make the site owner liable under this law.

You might glibly reply that we should moderate, take it down, etc... but we, is me... a single individual who likes to go hiking off-grid for a vacation and to look at stars at night. There are enough times when I could not respond in the timely way to moderate things.

This is what I mean by the Act providing a weapon to disgruntled users, trolls, those who have been moderated... a service providing user generated content in a user to user environment can trivially be weaponised, and it will be a very short amount of time before it happens.

Forum invasions by 4chan and others make this extremely obvious.

>>IanCal+2E1
edit - moved across now the comment is alive

>>graeme+XD1
As jimnotgym explained, you don't have to 'keep accounts' in any onerous sense. You just need to keep a rough track of the business's income and expenses (which any sensible person would be doing anyway). No-one at HMRC is going through the accounts of very small businesses with a fine tooth comb. You just tell them how much money you made and pay the taxes on it.

>>IanCal+sT1
> Not sure why the reply buro9 gave is dead

Oh I do... the link... HN must have a word based deny list

>>IanCal+sT1
> Not sure why the reply buro9 gave is dead

I vouched for it, so it should be visible now.

>>foldr+HV1
> You just need to keep a rough track of the business's income and expenses (which any sensible person would be doing anyway

We are not talking about a business here. The whole problem is that these are things that people are doing as essentially voluntary work.

What your saying would be true in a different context, but this is not business. I do not know whether you find it hard to grasp that some people will put a lot of effort into something for motives other than profit.

>>graeme+2Z1
Right, so the 'accounts' are correspondingly simple. Essentially just a list of things the company has purchased.

>>buro9+AS1
> A forum that isn't proactively monitored (approval before publishing) is in the "Multi-Risk service" category (see page 77 of that link),

That's not true, you'd need to conclude you're at a medium or high risk of things happening and consider the impact on people if they do.

> and as nebulous as "users encountering Hate".

But users posting public messages can easily fit into the low risk category for this, it's even one of their examples of low risk.

>>buro9+rX1
Ahh that makes sense.

>>akobol+zL1
> Maybe you lost that server

Everything, ownership of the domain, codebase, digital assets for instance.

> I don't follow -- if Big Corp owns the site, won't it lose everything

Good question If Big Corp owns the domain, codebase, IP etc. and lets Web Corp operate a site using those assets, Big Corp is not responsible for Web Corps transgressions.

A simpler analogy. Big Corp owns a pub, rents it to Web Corp. Web Corp plays music too loud, opens too late and gets fined and loses its alcohol licence. Web Corp is insolvent, but Big Corp still owns the pub.

>>ceinew+Y2
>A fair number of sites hosted and operated outside the European Union reacted to GDPR by instituting blocks of EU users, many returning HTTP 451.

My outlook on doing this is that this is not the way to do it because these things exist:

- EU citizens living in non-EU countries (isn't GDPR supposed to apply EU citizens worldwide?)

- EU citizens using VPN with exit node to/IP address spoofing a non-EU country

Either comply with GDPR or just don't exist, period.

>>FMecha+JL2
China or Russia also have "interesting" data protection / "let's protect children" laws. Some of they also formulated in same way as GDPR so VPN doesn't help. Why should they be ignored? (other than "but it's DIFFERENT thing, EU is good ones")