The Government has today confirmed that the new Online Safety Bill will, among many other changes, have another go at introducing a controversial internet age verification system, which will target “all websites” that contain pornographic content. Sites that fail to comply will be blocked by broadband ISPs and mobile operators.
The change would impose a legal duty on such sites to implement “robust checks” to ensure users are aged 18+. If sites fail to act, the independent regulator Ofcom will be able to fine them up to 10% of their annual worldwide turnover or can block them from being accessible in the UK. Bosses of these websites could also be “held criminally liable” if they fail to cooperate with Ofcom.
Regular readers will know that this idea was first proposed via the Digital Economy Act 2017 (summary), but at the time it was only focused upon commercial websites and apps that predominantly contained pornographic content and allowed user-generated content. Under that approach, the British Board of Film Classification (BBFC) would have been handed the responsibility for regulating it, seemingly without any judicial oversight to prevent poor censorship decisions.
Advertisement
By comparison, the new standalone provision ministers are adding to the proposed legislation will require providers who publish or place pornographic content on their services to prevent children from accessing that content. This will capture commercial providers of pornography, as well as the sites that allow user-generated content (i.e. not just PornHub, but social media sites like Twitter too etc.).
Any companies which run such a pornography site which is accessible to people in the UK will be subject to the same enforcement measures as other in-scope services.
Digital Minister, Chris Philp, said:
“It is too easy for children to access pornography online. Parents deserve peace of mind that their children are protected online from seeing things no child should see.
We are now strengthening the Online Safety Bill so it applies to all porn sites to ensure we achieve our aim of making the internet a safer place for children.”
Once again, the onus this time around will be on the companies themselves to decide how to comply with their new legal duty. Ofcom may recommend the use of a growing range of age verification technologies available for companies to use that minimise the handling of users’ data, or so we’re told.
The bill does not mandate the use of specific solutions, but “all companies that use or build this technology will be required to adhere to the UK’s strong data protection regulations or face enforcement action from the Information Commissioner’s Office,” said the government. But often enforcement action tends to come after such systems have failed, and by then the damage could be significant (more on that later).
Advertisement
According to today’s announcement, such age verification technologies “do not require a full identity check.” Users may need to verify their age using identity documents, but the measures companies put in place “should not process or store data that is irrelevant to the purpose of checking age.” Solutions that are currently available include checking a user’s age against details that their mobile operator holds, verifying via a credit card check, and other database checks including government held data, such as passport data.
However, the Government has spent years trying and failing to introduce such an AV system due to a variety of complex issues, and it’s not yet clear whether they’ve actually resolved all of those. For example, we’re not yet convinced that the new system will be able to work without forcing people to share their private personal details with unreliable porn peddlers. The infamous “Ashley Madison” hack highlighted just how dangerous such information could be in the wrong hands (multiple cases of blackmail and suicide etc.).
Executive Director of the Open Rights Group, Jim Killock, said:
“There is no indication that this proposal will protect people from tracking and profiling porn viewing. We have to assume the same basic mistakes about privacy and security may be about to be made again.
The proposal could force people to age verify before using Google search or reading Reddit. This appears to be a huge boon to age verification companies, for little practical benefit for child safety, and much harm to people’s privacy.”
All of this comes before we even get into the complicated question over which ISPs would be required to impose blocks against websites that fail to comply (only the biggest players, or the smallest ones too?), as well as what kind of systems they would be required to adopt in order to filter out those websites (a basic DNS filter is one thing, but more complex and expensive filtering would not be so easy).
Never mind the fact that ISP-level blocking of any type is also merely a placebo, the equivalent of leaving a door wide open with the words “do not enter” stuck outside (i.e. it’s very easy to circumvent) – there’s not a lot that can be done about that without removing the content at source (that’s more of a challenge for international law and regulation).
Advertisement
Meanwhile, many have questioned whether such a system is even necessary since all the major ISPs already offer optional network-level filtering systems, which are usually enabled by default. Lest we also forget that there could be impacts in other areas too, such as on sex workers (i.e. pushing them off-line and back onto the streets). Likewise, there’s the question of freedom of expression (i.e. what is porn and what is not, like general nudity and medical content). Ofcom will have to tread carefully.
The govt should start tackling real issues like the inflation it caused rather than trying to censor opposing views, which is what’s in this bill masquerading as “safety”
The government’s solution to inflation is to stop you from talking about it.
How will this work with sites such as Twitter? Well we have a two tier social media platform or will younger/Unverified users be thrown off the service? Whilst the intentions are honourable, I suspect any technological solution will have shortcomings (rather than letting parents handle the parenting through parental controls)
Even if they just imposed a law that stated all ISPs had to have a content filter, and that the filter had to be enabled by default (but could be switched off or configured later) then that would go a long way and not be too much of a hassle.
There is a huge amount of regular families that just simply install their router and crack on and these two simple steps could protect a lot of kids.
You’re right. Having a default filter by ISP’s should be the way to go.
That way only people with access to the account could change the settings.
I don’t understand why they haven’t thought about this. It would be very easy to impose and regulate by a shared website ban list, similar to the list of websites blocked by court order.
Do we really trust MindGeek that runs a website that itself had illegal material on?
Presuming the checks are UK only, I can imagine VPN providers using this as a selling point.
‘Want access to a large Netflix library? Want to get cheaper prices, want to have a jolly without Boris knowing? Sign up to XXXVPN’
Read the first paragraph again
“introducing a controversial internet age verification system, which will target “all websites” that contain pornographic content.”
Diddly squat to do with Netflix, Boris Johnson or aliens.
@anonymous
I was taking the mick out of VPN adverts/sponsorships, like the ones you typically see on places like Youtube.
I thought the single quotes and context of my post made it clear.
This will have to include Twitter.
For those of you that don’t know, Twitter allows porn and is practically full of it.
Pretty simply to implement without any government intervention. ISPs/mobile providers should have a content filter (on by default) within the account, then perhaps parents could actually do some parenting and manage what their children can view.
At least in my day when I was a kid, the naughty ‘magazines’ and ‘VHS’ were kept well hidden…. 😉
For those that are suggesting it would be better to require ISPs to offer content filtering in the form of parental controls, many do this already. The software is by no means perfect but it does at least provide a degree of protection, although the filtering can often be circumvented by more knowledgeable children (locking the devices down properly helps).
The problem is that some of the new Internet standards, as well as some currently in development, may well bypass the content filtering software that is commonly used in homes, schools and many businesses. Note that the same standards also make it easier for malware to successfully infiltrate and operate from your devices.
How does this address those issues, though? Are we in for blunt address-based blocking?
That should be exciting with shared hosting.
I guess we circumvent that by giving the government what they’ve wanted for years – heavy control over cryptography and access to keys.
What could go wrong? The Home Secretary, Culture Secretary and their boss seem a really trustworthy bunch. No chance they’ll try and abuse such access, right?
Very slippery slope, and I wouldn’t trust the people wanting to set us on it to do an off licence run let alone have access to my keys. They can already compel password disclosure, that should be enough.
Yes let’s punish and restrict everyone else because people don’t know how to control or explain real life to their kids again with the save the children stuff, if you have kids it’s your job to protect them and raise them not everyone else’s you need to learn how to enable the already available products and pay for better ones if needed and educate yourself on how too do it and if you kid does it without your permission you need to be a parent and enforce your rules not blame everyone else
This is stupid having to give out your credit card. Isn’t fraud rife already without giving every adult site under the sun your credit card number just to watch something. You might as well just add an extra trillion onto the fraud deficit for banks to manage if that is the case as that is what will happen.
The thing the govermnent doesn’t seem to understand is, when they come out with these provisions. The one group of people on earth who will be able to circumvent it, is the teenagers themselves and not the 50 plus year olds. Its like having child protection lids on medicines when the kids are often the only ones who can actually open them.
I’m guessing they in charge are getting fed up with people looking at foreign women naked instead of British women?
This country has gone cencorship crazy with freedom of speech and expression being eroded away by the back door. What’s next the Great UK Firewall.
‘What’s next the Great UK Firewall.’
Yes. Implemented by ISPs based on government requirements.
https://www.gov.uk/government/news/online-safety-law-to-be-strengthened-to-stamp-out-illegal-content
Note the bit about proactive content filtering.
To those suggesting ISPs should have filtering on by default – they do, any new connection to a large ISP has filters enabled and you have to turn them off. This system has been in place since 2013.
Somethings odd to me. The original legislation is still on the statute just not executed. Why are they waisting time with this new peace of legislation when they can just inact the current one. This just makes me hope it’s all talk.
See https://www.gov.uk/government/news/online-safety-law-to-be-strengthened-to-stamp-out-illegal-content for what this does.
Should be quite entertaining at least when certain kinds of aggressive trolling are made illegal.
Anyone who believes this is going to prevent teenagers from viewing internet pornography is deluded and/or ignorant.
A better solution would be parents being more open and honest with their children, plus comprehensive and compulsory sex and relationship education, which isn’t judgemental and doesn’t shy away from awkward subjects. However the evangelical fundamentalists pushing for these restrictions are opposed to that also.
So basically, it’s going to be a pain for users and site operators. It will potentially mean that these third party sites will end up requiring registration and therefore the storing of user data which leaves users even more exposed to cyber attacks and data theft.