UN Human Rights Council Warns UK Over Internet Censorship and Privacy

The Office of the United Nations High Commissioner for Human Rights (OHCHR) has today joined ISPs, civil rights groups and others to warn that the UK’s new Digital Economy Bill 2017 lacks “data sharing safeguards” and may damage the vital “right to privacy and the right to freedom of expression.”

The forthcoming bill contains, among many other things, new measures that are designed to protect children by preventing them from being able to access pornographic content online. Originally the idea was simply to protect the optional network-level filtering systems (Parental Controls) that all of the major broadband ISPs already offer to their customers, which had recently come under threat because of the EU’s new Net Neutrality legislation.

All of this was fine, until the bill was suddenly amended to introduce a much stricter set of rules (here and here). As part of that the British Board of Film Classification (BBFC) would effectively be given the power to force Internet Service Providers (ISP) into restricting access to pornographic sites that fail to put “tough age verification measures” in place. However the new approach suffered a number of crucial problems.

Some Key Problems with DEBill Age Verification / Censorship

1. The government focused a lot of its political effort on the word “pornography” in order to win favour with parents, but in the legislation their definition of “adult content” is somewhat more open to interpretation and would perhaps set a dangerous precedent with the threat of mission creep.

2. Speaking of mission creep, several Lords have already suggested that the bill may also cover naughty pictures / videos and “abusive behaviour” that get posted to hugely popular social media websites, such as Twitter (here). A block of Twitter would make the UK look utterly ridiculous. What’s next, blocking Google (e.g. when its Safe Search feature is disabled)?

3. As usual, anybody who wanted to get around such ISP imposed blocks would have no trouble doing so (e.g. VPN, Proxies, HTTPS, DNS changes etc.).

4. The blocks would also apply to websites that exist outside of the UK. Where websites originate in the EU the process will be “compatible with country of origin rules“, which is interesting because most EU states tend to be a lot less puritanical than the UK has recently become.

5. Nobody knows quite how to make an Age Verification system that works, ideally without forcing people to share their private personal and or financial details with unreliable porn peddlers or other “adult sites” (as well as possibly the Government). The infamous ‘Ashley Madison‘ hack showed just how dangerous such information can be in the wrong hands (multiple cases of blackmail and suicide etc.).

6. The cost of implementing such a system isn’t such a huge issue for the big ISPs, but smaller providers could struggle (network-level filtering is neither cheap nor easy). Some ISPs may try to get around this because they already require customers to be over the age of 18.

7. It’s very easy to forget that most adults, usually those without children, don’t want to censor adult websites (here) and indeed a large proportion of adults do access porn online (here).

In keeping with this the United Nations special rapporteur for the protection of human rights and freedom of expression, David Kaye, on Monday wrote an Open Letter to the Government of the United Kingdom that expressed many similar concerns.

For example, Mr Kaye notes the potential use or abuse of private personal data (e.g. your sexual habits and the threat from hacking of related databases), as well as the lack of safeguards to protect such data and the absence of judicial oversight for website blocking (i.e. to prevent poor censorship decisions and to retain independence from politicians / commercial firms).

Finally Mr Kaye expressed “concern at the cumulative effect” of both the DEBill and the new Investigatory Powers Act (IPAct). The latter recently became law and aims to force broadband ISPs into logging a much bigger slice of your Internet activity, irrespective of whether or not you’re even suspected of a crime (here); mind you the latter may be in a spot of trouble (here).

David Kaye said:

“Therefore, while I am cognizant of the need to protect children against harmful content, I am concerned that the provisions under the bill are not an effective way for achieving this objective as they fall short of the standards of international human rights law. The bill contains insufficient procedures without adequate oversight, overly broad definitions and lack of data sharing safeguards that unduly interferes with the rights of freedom of expression and privacy.”

We assume that at this point Mr Kaye stretched out his arm and dropped a microphone, but that probably didn’t happen. Instead he has merely called on the Government to conduct a “comprehensive review” of the new bill to ensure its compliance with international human rights law, which we suspect they’ll probably ignore.

Well if China, Iran, Syria and other states can ignore such things then why not us too? Pesky human rights, down with this sort of filth.. won’t somebody please think of the children etc.

UPDATE:

Speaking of the IPAct, Liberty is launching a crowd-funded legal challenge to the law and you can get involved (here).