Hello hello again.

Anyway from Lord Holmes concluding remarks, I suspect Labur is putting as always their head in the sand, and is not willing to change the Computer Misuse Act at this time

[Anyway streaming is being awfully slow for me, so if I am missing anything in this coverage is usually because I have to reload the page and connect again—turning it off and on for the win)]

Lord Kirkhope also supports these amendments, calls on the Govt to work at a faster speed to address these new technolgy issues, again he mentions AI (in this case, he's undisputably right: changes to the CMA1990 are long overdue, and the UK Govt is clearly lagging behind Europe when it comes to AI regulation)

Clement-Jones also points out to the fact that several industries, the cyberup campaign, academics and other stakeholders have all argued in favour of these changes, which would support innovation and reserach in a sector vital for national security

Clement-Jones (LIBDEM) now also intervenes in support of such amendment, he argues it is important to introduce such a legal protection for cybersecurity researchers. He says, the UK is currently at a disadvantage against other countries who have updated their cybercrime laws to address this issue

The long story short is: the Computer Misuse Act criminalises violating the security of an IT system regardless of whether this is being done with fraudolent or malicious intent, or with the aim of testing the security of the system and identifying vulnerabilities. In turn, this exposes cybersecurity researchers to the risk of prosecution for carrying out an all too-important public interest job

That's on me that I had completely missed these amendments. They relate to an important issue I engaged with quite some time ago, although in a rather different consultation https://www.openrightsgroup.org/publications/computer-misuse-act-1990-open-rights-group-submission-to-the-home-office/

Lord Holmes now presents an amendment that would change the computer misuse act to protect cybersecurity researchers from unjust prosecution for their work.

Of course, the more you delay regulation, the more edtech providers will enforce their own norms and regulations, after which they will present these as the status quo. Delaying regulation favours large technology companies and bad actors, not innovation.

I must support the statement above from Clement-Jones: digital technologies have normative power, and edtech providers can choose what data is collected and for what reason, how an individual can interact with it, and what choices, preferences and behaviours are allowed, rewarded, prohibited or punished. The question is never if regulating is needed, but who should be answering these questions: our democratic institutions, or a private edtech provider?

Clement-Jones (LIBDEM) responds: there are real issues here in the edtech sector. “It's premature” is a red flag, he argues, in these kind of debates

Anyway, other Lords intervened to support the need of a Code of Practice for Edtech. Now Baroness Jones (LAB) intervenes, says it would be premature to put these requirement into law but commits to continue engagement with the ICO and to continue work on this issue

I would argue, what we should be concerned about is the several provisions in the DUA Bill that would carve out exemptions from data protection obligations for AI companies for the sake of allowing bogged products and business models to survive instead of “evolve or face extinction”. It is not clear why companies who built upon illegal foundations should now be salvaged instead of facing consequences for their failures

As it stands now, the GDPR is the single most imprtant legal framework that protects individuals from AI system which are using data wthout their consent, which are using this data unfairly, which are taking or informing decisions that affect peoples' lives or their rights.

The GDPR was meant to be technologically neutral and set the rules that future technologies should have complied with in the future (the next 20 years, as the European Commission used to say). While it does not cover all aspects relevant for protecting rights in the field of AI, all GDPR provisions apply for data used by AI systems

Lord Kirkhope intervenes, laments again about the fact that, in designing the GDPR, lawmakers failed to take AI into account. But I need to make an intervention here...

A code, he says, should put a line in the sand, establish clear expectations about what is permissible and what is not

Another Lord takes the floor, laments that schools are already “drowning in guidance”. He says, though, there is difference between guidance and a clear code, that would establish guardrails in this context

The Lord also invites the Lords to involve the Departement for Education on these issues. Finally, he raises the issue of childrens' data being shared with DWP to check entitlement to benefits

These systems need data and a variety of data in order to work, he says. However, he recognises that valid concerns about data uses exists, and so he supports a code of practice for the edtech sector to address these issues