Do something!
They're under huge pressure from governments and media to Do Something. But that "something" is horribly undefined, and we know very well that the kind of things they have to do can't be reliably automated. Nor even reliably assigned to human judgement. Where there are huge grey areas, a US court and a German court might order them to do diametrically opposite things.
This is Doing Something. On a damned-if-you-do, damned-if-you-don't basis.
If it kills off a lot of small biz, it's kind-of closing off a zero-investment business model that's pretty rare outside the 'net. At least it isn't the many-millions cost of getting anything licenced in a safety-critical biz like medicines.
And it probably does reduce the risk of a Big Bad Scandal, by reducing the pool of places from which a Big Bad Scandal could come. So from the point of view of Protecting The Children (etc) it's probably a Good Thing. Throwing the baby out with the bathwater[1] might be seen as a side-effect but is kind-of what they're being told to do.
Maybe a logical next step would be to create a discipline of Auditor for sensitive APIs, and a specific qualification for it. Then you get your app independently audited and signed off in the same way as your accounts. Except we kind-of know how ineffectual that process is from the number of companies going bust with big holes in their accounts after a clean audit.
[1] Does that expression go beyond Blighty, or does it look a bit weird to international readers?
Biting the hand that feeds IT
