Melon Farmers Original Version

BBFC Internet Porn Censors


BBFC: Age Verification We Don't Trust


 

For sale, a dodgy panacea for all internet ills...

Parasitic age and identity verification companies are lobbying parliament calling forfull identity verification for all open interaction on the internet


Link Here 7th June 2021
The Digital Policy Alliance is a campaign group most notably lobbying parliament in support of the age and identity verification trade.

The group has just published a lobbying paper sent to parliamentarians calling for full identity verification requirements to use any internet service offering open interaction with other users.

The group writes:

Neither banning anonymity nor absolute anonymity are fit for purpose. The risks posed by anonymity, and requirements for verification, are different for different use cases. Different types of online activity require different levels of accountability and/or different attributes to be verified.

Regulation therefore shouldn't impose a one size fits all approach on all businesses. Instead, it should set minimum standards to ensure that platforms can't just wash their hands of the challenges of ensuring accountability or the risks associated with anonymity. If a platform fails to take an effective know your user approach, or ensure that its users can be held accountable for their behaviour or their content, then the platform should be held accountable instead.

 

 

BBC political bias...

BBC misleadingly describes man criticising the government over failed age verification for porn as a concerned father when in fact he is a religious pastor


Link Here9th May 2021
The BBC published a report advocating government censorship of adult material in the name of preventing access by under 18s.

The BBC highlighted criticism of the government's failed age verification law by a concerned father and a student. The BBC misleadingly failed to mention that the concerned father was also a campaigning clergyman.

The BBC chose to foreground two people for their slanted reporting, one of them a man named Ioannis Dekas, only described as a father of four sons who allegedly became concerned after he found one of his boys had accessed pornography.

The report however, completely neglected to mention the fact that Dekas is a clergyman, which seems material to his participation in her piece. Dekas is listed online as Campus Pastor of Doxa Deo Community Church in London. His Twitter biography reads, Passionate about God, my family, the local Church, worship, music and Chelsea FC.

The BBC reporter also quoted another supposed authority who turns out to be the mouthpiece for a religiously-inspired nonprofit. Vanessa Morse is only identified as the head of the Centre to End All Sexual Exploitation. The group is not further characterized by the BBC in any manner that would be relevant to their opinions on the subject. In fact CEASE UK is a religiously-inspired sex work abolitionist group with an avowed mission to eradicate all pornography.

 

 

Problem gamblers seek to recover their losses...

Age Verification companies win a judicial review of the government's decision to shelve its flawed porn censorship scheme


Link Here 17th July 2020
A coalition of age verification companies have won the first round of their legal action against the Government in a bid to force ministers to introduce a shelved internet porn censorship scheme that would provide the companies with an income.The companies launched an appeal last year, saying they developed software that was never used.

A judge ruled that age verification companies, backed by children's charities, have an arguable case that the Culture Secretary exceeded her powers by deciding not to implement the ban, which had been voted for by Parliament .

The ruling means the claimants can now take the case to a judicial review, which could overturn the Government's decision.

Plans to introduce an age verification scheme were shelved in October last year, perhaps because the law did not provide any provision for keep very dangerous ID and porn browsing data private and safe. At the time, ministers said the age verification scheme as defined in the Digital Economy Act 2017 would be superceded by forthcoming Duty of Care legislation.

In court, the Government argued that ministers had not exceeded their powers and that circumstances had radically altered since the porn ban legislation was originally passed.

 

 

Yet another example demonstrating the dangers identifying yourself as a porn user...

Virgin Media details customer porn access data that it irresponsibly made openly available on the internet


Link Here6th March 2020
A customer database left unsecured online by Virgin Media contained details linking some customers to pornography and explicit websites.

The researchers who first discovered the database told the BBC that it contained more information than Virgin Media suggested. Such details could be used by cyber-criminals to extort victims.

Virgin revealed on Thursday that one of its marketing databases containing details of 900,000 people was open to the internet and had been accessed on at least one occasion by an unknown user.

On Friday, it confirmed that the database contained details of about 1,100 customers who had used an online form to ask for a particular website to be blocked or unblocked. It said it was in the process of contacting customers again about specific data that may have been stolen.

When it first confirmed the data breach on Thursday, Virgin Media warned the public that the database contained phone numbers, home addresses and emails, however the company did not disclose that database contained more intimate details.

A representative of TurgenSec, the research company said Virgin Media's security had been far from adequate. The information was in plain text and unencrypted, which meant anyone browsing the internet could clearly view and potentially download all of this data without needing any specialised equipment, tools, or hacking techniques.

A spokeswoman for the ICO said it was investigating, and added:

People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn't happen, we advise people who may have been affected by data breaches to be vigilant when checking their financial records.

Virgin Media said it would be emailing those affected, in order to warn them about the risks of phishing, nuisance calls and identity theft. The message will include a reminder not to click on unknown links in emails, and not to provide personal details to unverified callers.

 

 

Extract: Porn is not the root of all evil...

As a sociology professor, I've studied and conducted my own research about the myths parents have accepted. Let me tell you, adult entertainment isn't nearly as damaging as poor sex education


Link Here 5th February 2020

  A new British Board of Film Classification (BBFC) study has found that British teenagers regularly watch porn, and that parents are unaware or in denial about it. Surprising? No. But the results do reveal something interesting about how readily we accept so many misconceptions about porn.

As media reports on the study indicates, young people are watching porn without their parents knowing. My own research found that young people chose to watch porn and found ways around their parents' strategies to stop them. The problems they encountered related to their parents' punishments and not their porn consumption.

The theory of why porn is harmful is that consumers will start to adopt troubling aspects of it in their attitudes and behaviours. But that's a limited and simplistic perspective of how people watch porn. It is a monkey see, monkey do theory of consumption where people are passive consumers of a script that they entirely accept and then act out themselves. It is far easier to blame porn for young people's sexual interests than to recognize that young people are interested in sex.

We are now almost inundated with research that counters the harmful porn narrative. Research is also now focusing on the potential benefits of watching porn. Just as the BBFC study reportedly finds young people watching porn as a form of sex education, research documents several educational benefits for young people: helping them understand their sexual identities, explore sexual fantasies in a safe environment, and educate themselves about sexual health.

...Read the full article from independent.co.uk

 

 

Young People, Pornography and Age-verification...

Research commissioned by the BBFC reveals that internet porn is part of normal life for 16 and 17 year olds, just like the over 18s


Link Here 31st January 2020
The most immediately interesting point is that the BBFC has elected not to promote the research that they commissioned and not to publish it on their website. Maybe this simply reflects that the BBFC no longer has the job of internet porn censor. The job looks set to be handed over to Ofcom as part of the government's upcoming online harms bill.

The study by Revealing Reality combined a statistically representative survey of secondary school-age children with in-depth interviews and focus groups with parents. It found that adult material was a prominent feature in British childhood. Almost half of teenagers aged 16 and 17 said they had recently seen pornography, with the researchers believing this figure is substantially lower than the true figure because of respondents' awkwardness when faced with the question.

While 75% of parents did not believe their children would have watched pornography, the majority of these parents' children told the researchers that they had viewed adult material.

The report also found that while parents thought their sons would watch pornography for sexual pleasure, many erroneously believed their daughters would primarily see pornography by accident. It said: This is contrary to the qualitative research findings showing that many girls were also using pornography for sexual pleasure.

The researchers said that one side effect of early exposure to online pornography is that gay, lesbian or bisexual respondents often understood their sexuality at a younger age. It was common for these respondents to start by watching heterosexual pornography, only to realise that they did not find this sexually gratifying and then gradually move to homosexual pornography.

The research very much affirms the government campaign to seek restrictions on porn access for children and notes that such measures as age verification requirements are unsurprisingly supported by parents.

However the research includes a very interesting section on the thoughts of 16 and 17 year olds who have passed the age of consent and unsurprisingly use porn on just about the same way as adults who have nominally passed the official, but not the biological and hormonal, age of maturity.

The report uses the term 'young people' to mean 16 - 18 year olds (included in the survey as speaking about their views and experiences as 16 and 17 year olds). The report notes:

While recognising the benefits of preventing younger children accessing pornography, young people had some concerns about age-verification restrictions. For example, some young people were worried that, in the absence of other adequate sources of sex education, they would struggle to find ways to learn about sex without pornography.

This was felt particularly strongly by LGB respondents in the qualitative research, who believed that pornography had helped them to understand their sexuality and learn about different types of sexual behaviours that they weren't taught in school.

Some young people also felt that the difference in the age of consent for having sex20416204and the age at which age-verification is targeted20418204was contradictory. They also struggled to understand why, for instance, they could serve in the armed forces and have a family and yet be blocked from watching pornography.

Young people also seemed well versed in knowing methods of working around age verification and website blocking:

The majority of parents and young people (aged 16 to 18) interviewed in the qualitative research felt that older children would be able to circumvent age-verification by a range of potential online workarounds. Additionally, many 16- to 18-year-olds interviewed in the qualitative work who could not identify a workaround at present felt they would be able to find a potential method for circumventing age-verification if required.

Some of the most commonly known workarounds that older children thought may potentially negate
age-verification included:

  • Using a VPN to appear as if you are accessing adult content from elsewhere in the world
  • Torrenting files by downloading the data in chunks
  • Using Tor (the ‘onion’ router) to disguise the user’s location
  • By accessing the dark web
  • By using proxy websites

Maybe the missed another obvious workaround, sharing porn amongst themselves via internet messaging or memory sticks.

 

 

Unsafe law...

Elspeth Howe introduces a House of Lords Bill Private Member's Bill to resurrect the deeply flawed and unsafe age verification requirements for adult porn websites


Link Here22nd January 2020
The Age Verification for porn requirements inlcuded in the 2017 Digital Economy Acts were formally cancelled in October 2019. The 2017 was deeply flawed in omission of any effective requirements to keep porn users identity and browsing data safe. In addition the regime of enforcing the rules through BBFC censorship and ISP blocking were proving troublesome and expensive.

It is also interesting to note that the upcoming Online Harms bill has also been stripped of its ISP blocking enforcement options. I suspect that the police and security forces would rather not see half the population hidng their internet usage behind Tor and VPNs just so they can continue accessing porn.

For whatever reasons the government quite rightly considered that it would be a whole lot easier just to fine companies when they get it wrong and leave all the expensive technical details of how to to do this to the websites themselves. (This approach has worked well for gambling websites, where AV has been achieved without having to employ censors to make them toe the line).

So I don't tink the government will be interested in supporting the virtue signal lords and the bill will not be given time to get anywhere.

Elspeth Howe's short bill was introduced in the House of Lords on 21st January 2020 and reads:

Digital Economy Act 2017 (Commencement of Part 3) Bill

A bill to bring into force the remaining sections of Part 3 of the Digital Economy Act 2017.

1 The Secretary of State must make regulations under section 118(6) (commencement) of the Digital Economy Act 2017 to ensure that all provisions under Part 3 (online pornography) of that Act have come into force before 4 January 2021.

2 Extent, commencement and short title:

  1. This Act extends to England and Wales, Scotland and Northern Ireland.

  2. This Act comes into force on the day on which it is passed.

  3. This Act may be cited as the Digital Economy Act 2017 (Commencement of Part 3) Act 2020.

 

 

Commented: Verified as out of pocket...

Four companies hoping to profit from cancelled porn age verification go to court seeking compensation from the government


Link Here 18th January 2020
Four age verification companies have launched legal action to challenge the government's decision to cancel the censorship scheme requiring age verification for access to internet porn. The companies have lodged a judicial review at the High Court Thursday.

The Telegraph understands the companies are arguing the decision was an abuse of power as the move had been approved by parliament. They are also claiming damages, understood to be in the region of £3 million, for losses sustained developing age verification technology.

The four companies behind the judicial review - AgeChecked Ltd, VeriMe, AVYourself and AVSecure - are arguing the secretary of state only had power to choose when the scheme came into force, not scrap it in the form passed by Parliament.

The legal action has been backed by campaigners from the Children's Charities' Coalition for Internet Safety (CCCIS), which represents organisations including the NSPCC and Barnardo's.

The CEO of AVSecure, Stuart Lawley, a British tech entrepreneur who made his fortune in the dotcom boom, said he had personally lost millions creating the technology. He said the company, which is behind other parental control apps such as Ageblock, had been preparing for up to 10 million people signing up for the service on day one.

Comment: Age Verification Judicial Review endangers UK citizens' privacy

18th January 2020. See article from openrightsgroup.org

Reacting to the Judicial Review launched by Tech companies to force Age Verification for adult content to be implemented Jim Killock, Executive Director of the Open Rights Group said:

These companies are asking us to trust them with records of millions of people's sexual preferences, with huge commercial reasons to use that data for profiling and advertising.

The adult industry has a terrible record on data security. We're being asked to hope they don't repeat the many, many times they have lost personal data, with the result that blackmail scams and worse proliferates.

The government did the responsible thing when it admitted its plans were not ready to proceed. Age Verification must not be pushed forward until there is compulsory privacy regulation put in place.

The companies behind the legal action are not subject to tight privacy regulations. Instead, the government can only ask for voluntary privacy commitments.

General data protection law is not sufficient for this industry as data breaches of this nature cannot be fixed by fines. They need to be prevented by the toughest and most specific regulation available.

 

 

But the idea failed because politicians like her didn't give a damn about the safety of adults...

Elspeth Howe threatens a House of Lords private members bill to reactivate the recently cancelled age verification censorship scheme for internet porn


Link Here12th January 2020
Elspeth Howe announced her intentions in a House of Lords debate about the Queen's Speech. She said:

My Lords, I welcome the Government's commitment to introduce its online harms Bill to improve internet safety for all, but, equally, stress that I remain deeply concerned by their failure to implement Part 3 of the Digital Economy Act. The rationale for focusing on the new Bill instead seems to be a desire to put attempts to protect children from pornographic websites on the same footing as attempts to protect them on social media platforms. It is entirely right to seek to promote safety in both contexts, but a basic error to suggest that both challenges should be addressed in the same way. The internet is complicated and one-size-fits-all policies simply will not work.

The focus of what I have read about the Government's plans for online harms revolves around social media companies and fining them if they do not do what they are supposed to do under a new legal duty of care. An article in the Times on 31 December suggested that Ofcom is going to draw up legally enforceable codes of practice that will include protecting children from accessing pornography. This approach may work for social media platforms if they have bases in the UK but it will be absolutely useless at engaging with the challenge of protecting children from pornographic websites.

Initially when the Digital Economy Bill was introduced in another place, the proposal was that statutory age-verification requirements should be enforced through fines, but a cross-party group of MPs pointed out that this would never work because the top 50 pornographic websites accessed in the UK are all based in other jurisdictions. One could certainly threaten fines but it would be quite impossible to enforce them in a way that would concentrate the minds of website providers because, based in other jurisdictions, they could simply ignore them.

Because of that, MPs amended the Bill to give the regulator the option of IP blocking. This would enable the regulator to tell a site based in say, Russia, that if it failed to introduce robust age-verification checks within a certain timeframe, the regulator would block it from accessing the UK market. Children would be protected either by the site being blocked after the specified timeframe or, more probably, by the site deciding that it would make more sense for it to introduce proper age-verification checks rather than risk disruption of its UK income stream. The Government readily accepted the amendment because the case for it was unanswerable.

I say again that I welcome the fact that the Government want to address online safety with respect to social media platforms through their new Bill. This must not, however, be used as an excuse not to proceed with implementing Part 3 of the Digital Economy Bill, which provides the very best way of dealing with the different challenge of protecting children from pornographic websites.

The failure to implement this legislation is particularly concerning because, rather than being a distant aspiration, it is all there on the statute book. The only thing standing in the way of statutory age verification with respect to pornographic websites is the Government's delay in relaying the BBFC age-verification guidance before Parliament and setting an implementation date. Having the capacity to deal with this problem204thanks to Part 3 of the Digital Economy Act204yet not bothering to avail ourselves of it does not reflect at all well on either the Government or British society as a whole. The Government must stop procrastinating over child safety with respect to pornographic websites and get on with implementing Part 3.

Mindful of that, on 21 January I will introduce my Digital Economy Act 2017 (commencement of Part 3) Bill, the simple purpose of which will be to implement Part 3 of the Digital Economy Act .

I hope that that will not be necessary and that the Minister will today confirm that, notwithstanding the new online safety Bill, the Government will now press ahead with implementation themselves. I very much look forward to hearing what the Minister has to say.

 

 

Retirement age verified...

The official letter putting an end to the BBFC's designation as the UK internet porn censor


Link Here 8th January 2020
I was just wondering if the ICO's Age Appropriate Design documentation had been published anywhere on the parliamentary website and spotted this official document marking the end of the BBFC's tenure as the UK's porn censor.

Matt Warman, a minister at the DCMS, signed the revocation of the BBFC's internet censorship powers on 31st October 2019. The notice reads:

Department for Digital, Culture Media & Sport

NOTICE TO REVOKE DESIGNATION OF AGE-VERIFICATION REGULATOR UNDER DIGITAL ECONOMY ACT 2017

The Secretary of State for Digital, Culture, Media and Sport hereby revokes, in exercise of the power in section 16(3)(a) of the Digital Economy Act 2017 ("the 2017 Act"), the designation of the British Board of Film Classification as the age verification regulator made under section 16(1) of the 2017 Act on 21 February 2018 for the purposes of the following functions:

  • a. section 18 (regulator's power to require information);

  • b. section 19(2) and (11) (enforcement by regulator of section 14);

  • c. section 21 (notice by regulator to payment-services providers and ancillary service providers);

  • d. section 23 (regulator's power to require internet service providers to block access to material), subject to section 24 (no power to give notice under section 23(1) where detrimental to national security etc);

  • e. section 25 (guidance to be published by regulator);

  • f. section 26 (exercise of functions by regulator); and

  • g. section 28 (requirements for notices given by regulator under this Part) (to the extent that this applies in relation to the giving of notices by the British Board of Film Classification under the provisions listed in this paragraph).

Matt Warman
Minister for Digital and Broadband on behalf of the Secretary of State
#1st October 2019.

 

 

How about a Government Harms Bill?...

The Government reveals that it spent 2.2 million on its failed Age Verification for porn policy and that doesn't include the work from its own civil servants


Link Here 25th October 2019

More than £2m of taxpayers' money was spent preparing for the age verification for porn censorship regime before the policy was dropped in early October, the government has revealed.

The bulk of the spending, £2.2m, was paid to the BBFC to do the detailed work on the policy from 2016 onwards. Before then, additional costs were borne by the Department for Digital, Culture, Media and Sport, where civil servants were tasked with developing the proposals as part of their normal work.

Answering a written question fromthe shadow DCMS secretary, Tom Watson, Matt Warman for the government added: Building on that work, we are now establishing how the objectives of part three of the Digital Economy Act can be delivered through our online harms regime.

It is not just government funds that were wasted on the abortive scheme. Multiple private companies had developed systems that they were hoping to provide age verification services.

The bizarre thing was all this money was spent when the government knew that it wouldn't even prevent determined viewers from getting access to porn. It was only was only considered as effective from blocking kids from stumbling on porn.

So all that expense, and all that potential danger for adults stupidly submitting to age verification, and all for what?

Well at least next time round the  government may consider that they should put a least a modicum of thought about people's privacy.

It's not ALL about the kids. Surely the government has a duty of care for adults too. We need a Government Harms bill requiring a duty of care for ALL citizens. Now that would be a first!

 

 

A verified dud...

The government cancels current plans for age verification requirements for porn as defined in the Digital Economy Act. It will readdress the issue as part of its Online Harms bill


Link Here16th October 2019
Nicky Morgan, Secretary of State for Digital, Culture, Media and Sport, issued a written statement cancelling the government's current plans to require age verification for porn. She wrote:

The government published the Online Harms White Paper in April this year. It proposed the establishment of a duty of care on companies to improve online safety, overseen by an independent regulator with strong enforcement powers to deal with non-compliance. Since the White Paper's publication, the government's proposals have continued to develop at pace. The government announced as part of the Queen's Speech that we will publish draft legislation for pre-legislative scrutiny. It is important that our policy aims and our overall policy on protecting children from online harms are developed coherently in view of these developments with the aim of bringing forward the most comprehensive approach possible to protecting children.

The government has concluded that this objective of coherence will be best achieved through our wider online harms proposals and, as a consequence, will not be commencing Part 3 of the Digital Economy Act 2017 concerning age verification for online pornography. The Digital Economy Act objectives will therefore be delivered through our proposed online harms regulatory regime. This course of action will give the regulator discretion on the most effective means for companies to meet their duty of care. As currently drafted, the Digital Economy Act does not cover social media platforms.

The government's commitment to protecting children online is unwavering. Adult content is too easily accessed online and more needs to be done to protect children from harm. We want to deliver the most comprehensive approach to keeping children safe online and recognised in the Online Harms White Paper the role that technology can play in keeping all users, particularly children, safe. We are committed to the UK becoming a world-leader in the development of online safety technology and to ensure companies of all sizes have access to, and adopt, innovative solutions to improve the safety of their users. This includes age verification tools and we expect them to continue to play a key role in protecting children online.

The BBFC sounded a bit miffed about losing the internet censor gig. The BBFC posted on its website:

The introduction of age-verification on pornographic websites in the UK is a necessary and important child protection measure. The BBFC was designated as the Age-verification Regulator under the Digital Economy Act 2017 (DEA) in February 2018, and has since worked on the implementation of age-verification, developing a robust standard of age-verification designed to stop children from stumbling across or accessing pornography online. The BBFC had all systems in place to undertake the role of AV Regulator, to ensure that all commercial pornographic websites accessible from the UK would have age gates in place or face swift enforcement action.

The BBFC understands the Government's decision, announced today, to implement age-verification as part of the broader online harms strategy. We will bring our expertise and work closely with government to ensure that the child protection goals of the DEA are achieved.

I don suppose we will ever hear the real reasons why the law was ditched, but I  suspect that there were serious problems with it. The amount of time and effort put into this, and the serious ramifications for the BBFC and age verification companies that must now be facing hard times must surely make this cancelling a big decision.

It is my guess that a very troublesome issue for the authorities is how both age verification and website blocking would have encouraged a significant number of people to work around government surveillance of the internet. It is probably more important to keep tabs on terrorists and child abusers rather than to lose this capability for the sake of a kids stumbling on porn.

Although the news of the cancellation was reported today, Rowland Manthorpe, a reporter for Sky News suggested on Twitter that maybe the idea had already been shelved back in the summer. He tweeted:

When @AJMartinSky and I  broke the news that the porn block was being delayed again, we reported that it was on hold indefinitely. It was. Then our story broke. Inside DCMS a sudden panic ensued. Quickly, they drafted a statement saying it was delayed for 6 months

 

 

Innovatively endangering internet porn viewers...

BBFC's Chief Censor, David Austin, is named in Business Insider's UK Top Tech 100


Link Here 13th October 2019

David Austin, CEO of the BBFC, has been named in Business Insider's UK Top Tech 100 for the BBFC's work on age-verification under the Digital Economy Act.

Every year, Business Insider publishes the UK Tech 100 204 a list of the 100 most interesting, innovative, and influential people shaping the UK tech scene. David Austin is a new entry, and enters the list at number 96.

David Austin said:

I'm very pleased to be included in the UK tech 100 on behalf of the BBFC. It's recognition of the innovation that the BBFC brings to developing regulatory solutions to help families and protect children in the online space.

Under the Digital Economy Act 2017, all online commercial pornography services accessible from the UK will be required to carry age-verification controls to prevent children from seeing content that isn't appropriate for them. Nor may they carry extreme pornography. These services mainly take the form of websites and apps.

The UK Government appointed the BBFC as the Age-verification Regulator because of the BBFC's expertise in regulating pornography; its understanding of age verification; and knowledge of online regulation.

 

 

Censors not standing still...

Nicky Morgan announces that the government's porn censorship measure has now been properly registered with the EU


Link Here 6th October 2019
House of Commons, 3rd October 2019.

The Secretary of State for Digital, Culture, Media and Sport (Nicky Morgan):

THon. Members will be aware of our ongoing work to keep people safe online and our proposals around age verification for online pornography. I  wish to notify the House that the standstill period under the EU's technical services and regulations directive expired at midnight last night. I  understand the interest in this issue that exists in all parts of the House, and I  will update the House on next steps in due course.

 

 

Offsite Article: IPVanish pitches to keep porn users safe from age verification...


Link Here2nd August 2019
How would the UK adult content block harm digital rights?

See article from ipvanish.com

 

 

Negligent UK lawmakers devised an age verification scheme with no data protection for porn users...

Now it appears that users who try to protect themselves with VPNs may be unknowingly handing their browsing data over to the Chinese government


Link Here17th July 2019

ICO's Data Protection Training
The Pavlov Method
 
nodding dog
 ☑  Yes I won't read this message. and yes you can do what the fuck you like with my porn browsing data
 ☑  Yes please do, I waiver all my GDPR rights
 ☑  Yes I won't read this message. and yes, feel free to blackmail me
 ☑  Yes you can do anything you like 'to make my viewing experience better'
 ☑  Yes, no need to ask, I'll tick anything
With callous disregard for the safety of porn users, negligent lawmakers devised an age verification scheme with no effective protection of porn users' identity and porn browsing history.

The Government considered that GDPR requirements, where internet users are trainer to blindly tick a box to give consent to the internet companies doing what the fuck they like with your data. Now internet users are well conditioned like Pavlov's dog to tick the hundreds of tick boxes they are presented with daily. And of course nobody ever reads what they are consenting to, life's too short.

After a while the government realised that the total lack of data protection for porn users may actually prevent their scheme form getting off the ground, as porn users simply would refuse to get age verified. This would result in bankrupt AV companies and perverse disinsentives for porn websites. Those that implement AV would then experience a devastating drop off in traffic and those that refuse age verification would be advantaged.

So the government commissioned a voluntary kitemark scheme for AV companies to try and demonstrate to auditors that they keep porn identity and browsing history safely. But really the government couldn't let go of its own surveillance requirements to keep the browsing history of porn users. Eventually some AV companies won the right to have a scheme that did not log people's browsing history, but most still do maintain a log (justified as 'fraud protection' in the BBFC kitemark scheme description).

well Now it appears that those that try to avoid the dangers of AV via VPNs may be not s safe as they would hope. The Henry Jackson Society has been researching the VPN industry and has found that 30% of VPNs are owned by Chinese companies that have direct data paths to the Chinese government.

Surely this will have extreme security issues as privately porn using people could then be set up for blackmail or pressure from the Chinese authorities.

The government needs to put an end to the current AV scheme and go back to the drawing board. It needs to try again, this time with absolute legal requirements to immediately delete porn users identity data and to totally ban the retention of browsing logs.

Anyway, the Henry Jackson Society explains its latest revelations:

Chinese spies could exploit Government's new porn laws to gather compromising material on businessmen, civil servants and public figures, say think tanks.

They say Chinese firms have quietly cornered the market in technology that enables people to access porn sites without having to register their personal details with age verification firms or buy an age ID card in a newsagent.

The new law require those accessing porn sites to prove they are 18 but the checks and registration can be by-passed by signing up to a Virtual Private Network (VPNs). These anonymise the location of a computer by routing its traffic through a server based at remote locations.

It has now emerged through an investigation by security experts that many of the VPNs are secretly controlled by Chinese owned firms -- as many as 30% of the networks worldwide.

It means that a VPN users' viewing habits and data can not only be legally requested by the Chinese Government under its lax privacy laws but the VPNs could themselves also be state-controlled, according to the Adam Smith Institute and Henry Jackson Society.

Sam Armstrong, spokesman for the Henry Jackson Society, said:

A list of billions of late-night website visits of civil servants, diplomats, and politicians could -- in the wrong hands -- amount to the largest-ever kompromat file compiled on British individuals.

Those in sensitive jobs are precisely the types of individuals who would seek to use a VPN to circumvent the trip to the newsagent to buy a porn pass.

Yet, the opaque ownership of these VPNs by Chinese firms means there is a real likelihood any browsing going through them could fall into the hands of Chinese intelligence.

 

 

Today's the day when porn internet censorship was to have begun...

Margot James apologises for the delay whilst the Open Rights Group points out the scheme is still not safe for porn viewers


Link Here15th July 2019

ICO's Data Protection Training
The Pavlov Method
 
nodding dog
 ☑  Yes I won't read this message. and yes you can do what the fuck you like with my porn browsing data
 ☑  Yes please do, I waiver all my GDPR rights
 ☑  Yes I won't read this message. and yes, feel free to blackmail me
 ☑  Yes you can do anything you like 'to make my viewing experience better'
 ☑  Yes, no need to ask, I'll tick anything

Digital Minister Margot James has apologised for the six-month delay on the so-called porn block, which had been due to take effect today (16th July). It is designed to force pornography websites to verify users are over 18.

But the law has been delayed twice - most recently because the UK government failed to properly notify European regulators. James told the BBC:

I'm extremely sorry that there has been a delay. I know it sounds incompetent. Mistakes do happen, and I'm terribly sorry that it happened in such an important area,

Of course the fundamental mistake is that the incompetent lawmakers cared only about 'protecting the children' and gave bugger all consideration to the resulting endangerment of the adults visiting porn sites.

It took the government months, but it finally started to dawn on them that perhaps they should do something to protect the identity data that they are forcing porn users to hand over that can then be pinned to their porn browsing history. They probably still didn't care about porn users but perhaps realised that the scheme would not get of the ground if it proved so toxic that no one would ever sign up for age verification at all.

Well as a belated after thought the government, BBFC and ICO went away to dream up a few standards that perhaps the age verifiers ought to be sticking to try and ensure that data is being kept safe.

So then the whole law ended up as a bag of worms. The authorities now realise that there should be level of data protection, but unfortunately this is not actually backed up by the law that was actually passed. So now the data protection standards suggested by the government/BBFC/ICO are only voluntary and there remains nothing in law to require the data actually be kept safe. And there is no recourse against anyone who ends up exploiting people's data.

The Open Rights Group have just written an open letter to the government to ask that government to change their flawed law and actually require that porn users' data is kept properly safe:

The Rt Hon Jeremy Wright QC MP Secretary of State for Digital, Culture, Media and Sport

Re: BBFC Age Verification Privacy Certification Scheme

Dear Secretary of State,

We write to ask you to legislate without delay to place a statutory requirement on the British Board of Film Classification (BBFC) to make their privacy certification scheme for age verification providers mandatory. Legislation is also needed to grant the BBFC powers to require compliance reports and penalise non-compliant providers.

As presently constituted, the BBFC certification scheme will be a disaster. Our analysis report, attached, shows that rather than setting out objective privacy safeguards to which companies must adhere, the scheme allows companies to set their own rules and then demonstrate that these are being followed. There are no penalties for providers which sign up to the standard and then fail to meet its requirements.

The broadly-drafted, voluntary scheme encourages a race to the bottom on privacy protection. It provides no consistent guarantees for consumers about how their personal data will be safeguarded and puts millions of British citizens at serious risk of fraud, blackmail or devastating sexual exposure.

The BBFC standard was only published in April. Some age verification providers have admitted that they are not ready. Others have stated that for commercial reasons they will not engage with the scheme. This means that the bureaucratic delay to age verification's roll-out can now be turned to advantage. The Government needs to use this delay to introduce legislation, or at the least issue guidance under section 27 of the Digital Economy Act 2017, that will ensure the privacy and security of online users is protected.

We welcome the opportunity to bring this issue to your attention and await your response.

Yours sincerely,

Jim Killock Executive Director Open Rights Group

 

 

Belatedly filed...

The EU notes that it has now received notification of the BBFC rules on censoring adult porn


Link Here2nd July 2019
The implementation of teh UK's new pron censorship regime was recently delayed by 6 months due not not filing the details with the EU as required by European law. Well the BBFC censorship rules have now been duly filed.

The EU websites note that they were filed on 1st July 2019 and there is now a period for people to comment up until 2nd October 2019.

When announcing the delay censorship minister Jeremy Wright noted that at the end of this period another month or so may required to respond to comments.

The EU website noted above provides for comments but maybe only MEPs and the like can hold of the process by asking questions or making comments. Or perhaps any European can comment.

 

 

Offsite Article: Don't let the porn block give MindGeek a monopoly...


Link Here28th June 2019
Age Verification providers that don't provide a way into Pornhub will only get the crumbs from the AV table

See article from medium.com

 

 

Offsite Article: Verifiably Stupid...


Link Here24th June 2019
The UK Porn Block's Latest Failure. By David Flint

See article from reprobatepress.com

 

 

Who pays for Age Verification? You do of course...one way or another!...

Maybe its a good job the government has delayed Age Verification as there are a still a lot of issues to resolve for the AV companies


Link Here21st June 2019
The AV industry is not yet ready

The Digital Policy Alliance (DPA) is a private lobby group connecting digital industries with Parliament. Its industry members include both Age Verification (AV) providers, eg OCL, and adult entertainment, eg Portland TV.

Just before the Government announcement that the commencement of adult verification requirements for porn websites would be delayed, the DPA wrote a letter explaining that the industry was not yet ready to implement AV, and had asked for a 3 month delay.

The letter is unpublished but fragments of it have been reported in news reports about AV.

The Telegraph reported:

The Digital Policy Alliance called for the scheme to be delayed or risk nefarious companies using this opportunity to harvest and manipulate user data.

The strongly-worded document complains that the timing is very tight, a fact that has put some AVPs [age verification providers] and adult entertainment providers in a very difficult situation.

It warns that unless the scheme is delayed there will be less protection for public data, as it appears that there is an intention for uncertified providers to use this opportunity to harvest and manipulate user data.
 

The AV industry is  unimpressed by a 6 month delay

See article from news.sky.com

Rowland Manthorpe from Sky News contributed a few interesting snippets too. He noted that the AVPs were unsurprisingly not pleased by the government delay:

Serge Acker, chief executive of OCL, which provides privacy-protecting porn passes for purchase at newsagents, told Sky News: As a business, we have been gearing up to get our solution ready for July 15th and we, alongside many other businesses, could potentially now be being endangered if the government continues with its attitude towards these delays.

Not only does it make the government look foolish, but it's starting to make companies like ours look it too, as we all wait expectantly for plans that are only being kicked further down the road.
 

There are still issues with how the AV providers can make money

And interestingly Manthorpe revealed in the accompanying video news report that the AV providers were also distinctly unimpressed by the BBFC stipulating that certified AV providers must not use Identity Data provided by porn users for any other purpose than verifying age. The sensible idea being that the data should not be made available for the the likes of targeted advertising. And one particular example of prohibited data re-use has caused particular problems, namely that ID data should not be used to sign people up for digital wallets.

Now AV providers have got to be able to generate their revenue somehow. Some have proposed selling AV cards in newsagents for about £10, but others had been planning on using AV to generate a customer base for their digital wallet schemes.

So it seems that there are still quite a few fundamental issues that have not yet been resolved in how the AV providers get their cut.
 

Some AV providers would rather not sign up to BBFC accreditation

See article from adultwebmasters.org

Maybe these issues with BBFC AV accreditation requirements are behind a move to use an alternative standard. An AV provider called VeriMe has announced that it has the first AV company to receive a PAS1296 certification.

The PAS1296 was developed between the British Standards Institution and the Age Check Certification Scheme (ACCS). It stands for Public Accessible Specification and is designed to define good practice standards for a product, service or process. The standard was also championed by the Digital Policy Alliance.

Rudd Apsey, the director of VeriMe said:

The PAS1296 certification augments the voluntary standards outlined by the BBFC, which don't address how third-party websites handle consumer data, Apsey added. We believe it fills those gaps and is confirmation that VeriMe is indeed leading the world in the development and implementation of age verification technology and setting best practice standards for the industry.

We are incredibly proud to be the first company to receive the standard and want consumers and service providers to know that come the July 15 roll out date, they can trust VeriMe's systems to provide the most robust solution for age verification.

This is not a very convincing argument as PAS1296 is not available for customers to read, (unless they pay about 120 quid for the privilege). At least the BBFC standard can be read by anyone for free, and they can then make up their own minds as to whether their porn browsing history and ID data is safe.

However it does seem that some companies at least are planning to give the BBFC accreditation scheme a miss.
 

The BBFC standard fails to provide safety for porn users data anyway.

See article from medium.com

The AV company 18+ takes issue with the BBFC accreditation standard, noting that it allows AV providers to dangerously log people's porn browsing history:

Here's the problem with the design of most age verification systems: when a UK user visits an adult website, most solutions will present the user with an inline frame displaying the age verifier's website or the user will be redirected to the age verifier's website. Once on the age verifier's website, the user will enter his or her credentials. In most cases, the user must create an account with the age verifier, and on subsequent visits to the adult website, the user will enter his account details on the age verifier's website (i.e., username and password). At this point in the process, the age verifier will validate the user and, if the age verifier has a record the user being at least age 18, will redirect the user back to the adult website. The age verification system will transmit to the adult website whether the user is at least age 18 but will not transmit the identity of the user.

The flaw with this design from a user privacy perspective is obvious: the age verification website will know the websites the user visits. In fact, the age verification provider obtains quite a nice log of the digital habits of each user. To be fair, most age verifiers claim they will delete this data. However, a truly privacy first design would ensure the data never gets generated in the first place because logs can inadvertently be kept, hacked, leaked, or policies might change in the future. We viewed this risk to be unacceptable, so we set about building a better system.

Almost all age verification solutions set to roll out in July 2019 do not provide two-way anonymity for both the age verifier and the adult website, meaning, there remains some log of?204?or potential to log -- which adult websites a UK based user visits.

In fact one AV provider revealed that up until recently the government demanded that AV providers keep a log of people's porn browsing history and it was a bit of a late concession to practicality that companies were able to opt out if they wanted.

Note that the logging capability is kindly hidden by the BBFC by passing it off as being used for only as long as is necessary for fraud prevention. Of course that is just smoke and mirrors, fraud, presumably meaning that passcodes could be given or sold to others, could happen anytime that an age verification scheme is in use, and the time restriction specified by the BBFC may as well be forever.

 

 

Age Verification for porn delayed by 6 months...

Jeremy Wright apologises to supporters for an admin cock-up, and takes the opportunity to sneer at the millions of people who just want to keep their porn browsing private and safe


Link Here 20th June 2019
Jeremy Wright, the Secretary of State for Digital, Culture, Media and Sport addressed parliament to explain that the start data for Age Verification scheme for porn has been delayed by about 6 months. The reason is that the Government failed to inform the EU about laws that effect free trade (eg those that that allow EU websites to be blocked in the UK). Although the main Digital Economy Act was submitted to the EU, extra bolt on laws added since, have not been submitted. Wright explained:

In autumn last year, we laid three instruments before the House for approval. One of them204the guidance on age verification arrangements204sets out standards that companies need to comply with. That should have been notified to the European Commission, in line with the technical standards and regulations directive, and it was not. Upon learning of that administrative oversight, I instructed my Department to notify this guidance to the EU and re-lay the guidance in Parliament as soon as possible. However, I expect that that will result in a delay in the region of six months.

Perhaps it would help if I explained why I think that six months is roughly the appropriate time. Let me set out what has to happen now: we need to go back to the European Commission, and the rules under the relevant directive say that there must be a three-month standstill period after we have properly notified the regulations to the Commission. If it wishes to look into this in more detail204I hope that it will not204there could be a further month of standstill before we can take matters further, so that is four months. We will then need to re-lay the regulations before the House. As she knows, under the negative procedure, which is what these will be subject to, there is a period during which they can be prayed against, which accounts for roughly another 40 days. If we add all that together, we come to roughly six months.

Wright apologised profusely to supporters of the scheme:

I recognise that many Members of the House and many people beyond it have campaigned passionately for age verification to come into force as soon as possible to ensure that children are protected from pornographic material they should not see. I apologise to them all for the fact that a mistake has been made that means these measures will not be brought into force as soon as they and I would like.

However the law has not been received well by porn users. Parliament has generally shown no interest in the privacy and safety of porn users. In fact much of the delay has been down belatedly realising that the scheme might not get off the ground at all unless they at least pay a little lip service to the safety of porn users.

Even now Wright decided to dismiss people's privacy fears and concerns as if they were all just deplorables bent on opposing child safety. He said:

However, there are also those who do not want these measures to be brought in at all, so let me make it clear that my statement is an apology for delay, not a change of policy or a lessening of this Government's determination to bring these changes about. Age verification for online pornography needs to happen. I believe that it is the clear will of the House and those we represent that it should happen, and that it is in the clear interests of our children that it must.

Wright compounded his point by simply not acknowledging that if, given a choice people, would prefer not to hand over their ID. Voluntarily complying websites would have to take a major hit from customers who would prefer to seek out the safety of non-complying sites. Wright said:

I see no reason why, in most cases, they [websites] cannot begin to comply voluntarily. They had expected to be compelled to do this from 15 July, so they should be in a position to comply. There seems to be no reason why they should not.

In passing Wright also mentioned how the government is trying to counter encrypted DNS which reduces.  the capabilities of ISPs to block websites. Instead the Government will try and press the browser companies into doing their censorship dirty work for them instead:

It is important to understand changes in technology and the additional challenges they throw up, and she is right to say that the so-called D over H changes will present additional challenges. We are working through those now and speaking to the browsers, which is where we must focus our attention. As the hon. Lady rightly says, the use of these protocols will make it more difficult, if not impossible, for ISPs to do what we ask, but it is possible for browsers to do that. We are therefore talking to browsers about how that might practically be done, and the Minister and I will continue those conversations to ensure that these provisions can continue to be effective.

 

 

Offsite Comment: Bloody stupid idea...


Link Here18th June 2019
Porn Block Demonstrates the Government Is More Concerned With Censorship Than Security

See article from gizmodo.co.uk

 

 

Offsite Article: The UK porn block is now one month away, and it's still a terrible idea...


Link Here16th June 2019
Filtering filth won't save the children, but the block could be bad news for you. By Carrie Marshall

See article from techradar.com

 

 

Logging your porn history (in the name of fraud yer know)...

Open Rights Group Report: Analysis of BBFC Age Verification Certificate Standard June 2019


Link Here14th June 2019

Executive Summary

The BBFC's Age-verification Certificate Standard ("the Standard") for providers of age verification services, published in April 2019, fails to meet adequate standards of cyber security and data protection and is of little use for consumers reliant on these providers to access adult content online.

This document analyses the Standard and certification scheme and makes recommendations for improvement and remediation. It sub-divides generally into two types of concern: operational issues (the need for a statutory basis, problems caused by the short implementation time and the lack of value the scheme provides to consumers), and substantive issues (seven problems with the content as presently drafted).

The fact that the scheme is voluntary leaves the BBFC powerless to fine or otherwise discipline providers that fail to protect people's data, and makes it tricky for consumers to distinguish between trustworthy and untrustworthy providers. In our view, the government must legislate without delay to place a statutory requirement on the BBFC to implement a mandatory certification scheme and to grant the BBFC powers to require reports and penalise non-compliant providers.

The Standard's existence shows that the BBFC considers robust protection of age verification data to be of critical importance. However, in both substance and operation the Standard fails to deliver this protection. The scheme allows commercial age verification providers to write their own privacy and security frameworks, reducing the BBFC's role to checking whether commercial entities follow their own rules rather than requiring them to work to a mandated set of common standards. The result is uncertainty for Internet users, who are inconsistently protected and have no way to tell which companies they can trust.

Even within its voluntary approach, the BBFC gives providers little guidance to providers as to what their privacy and security frameworks should contain. Guidance on security, encryption, pseudonymisation, and data retention is vague and imprecise, and often refers to generic "industry standards" without explanation. The supplementary Programme Guide, to which the Standard refers readers, remains unpublished, critically undermining the scheme's transparency and accountability.

Recommendations

  • Grant the BBFC statutory powers:

  • The BBFC Standard should be substantively revised to set out comprehensive and concrete standards for handling highly sensitive age verification data.

  • The government should legislate to grant the BBFC statutory power to mandate compliance.

  • The government should enable the BBFC to require remedial action or apply financial penalties for non-compliance.

  • The BBFC should be given statutory powers to require annual compliance reports from providers and fine those who sign up to the certification scheme but later violate its requirements.

  • The Information Commissioner should oversee the BBFC's age verification certification scheme

Delay implementation and enforcement:

Delay implementation and enforcement of age verification until both (a) a statutory standard of data privacy and security is in place, and (b) that standard has been implemented by providers.

Improve the scheme content:

Even if the BBFC certification scheme remains voluntary, the Standard should at least contain a definitive set of precisely delineated objectives that age verification providers must meet in order to say that they process identity data securely.

Improve communication with the public:

Where a provider's certification is revoked, the BBFC should issue press releases and ensure consumers are individually notified at login.

The results of all penetration tests should be provided to the BBFC, which must publish details of the framework it uses to evaluate test results, and publish annual trends in results.

Strengthen data protection requirements:

Data minimisation should be an enforceable statutory requirement for all registered age verification providers.

The Standard should outline specific and very limited circumstances under which it's acceptable to retain logs for fraud prevention purposes. It should also specify a hard limit on the length of time logs may be kept.

The Standard should set out a clear, strict and enforceable set of policies to describe exactly how providers should "pseudonymise" or "deidentify" data.

Providers that no longer meet the Standard should be required to provide the BBFC with evidence that they have destroyed all the user data they collected while supposedly compliant.

The BBFC should prepare a standardised data protection risk assessment framework against which all age verification providers will test their systems. Providers should limit bespoke risk assessments to their specific technological implementation.

Strengthen security, testing, and encryption requirements:

Providers should be required to undertake regular internal and external vulnerability scanning and a penetration test at least every six months, followed by a supervised remediation programme to correct any discovered vulnerabilities.

Providers should be required to conduct penetration tests after any significant application or infrastructure change.

Providers should be required to use a comprehensive and specific testing standard. CBEST or GBEST could serve as guides for the BBFC to develop an industry-specific framework.

The BBFC should build on already-established strong security frameworks, such as the Center for Internet Security Cyber Controls and Resources, the NIST Cyber Security Framework, or Cyber Essentials Plus.

At a bare minimum, the Standard should specify a list of cryptographic protocols which are not adequate for certification.

 

 

Offsite Article: 18 Rated Porn And BBFC Hypocrisy...


Link Here 10th June 2019
When is a porn film not a porn film?

See article from reprobatepress.com

 

 

Offsite Article: A reminder that age verification for porn is an unnecessary risk that is easily avoided...


Link Here22nd May 2019
Proposed controversial online age verification checks could increase the risk of identity theft and other cyber crimes, warn security experts

See article from computerweekly.com

 

 

Ramping up the encrypted internet to protect against the dangers of age verification...

Firefox has a research project to integrate with TOR to create a Super Private Browsing mode


Link Here21st May 2019
Age verification for porn is pushing internet users into areas of the internet that provide more privacy, security and resistance to censorship.

I'd have thought that security services would prefer that internet users to remain in the more open areas of the internet for easier snooping.

So I wonder if it protecting kids from stumbling across porn is worth the increased difficulty in monitoring terrorists and the like? Or perhaps GCHQ can already see through the encrypted internet.

RQ12: Privacy & Security for Firefox

Mozilla has an interest in potentially integrating more of Tor into Firefox, for the purposes of providing a Super Private Browsing (SPB) mode for our users.

Tor offers privacy and anonymity on the Web, features which are sorely needed in the modern era of mass surveillance, tracking and fingerprinting. However, enabling a large number of additional users to make use of the Tor network requires solving for inefficiencies currently present in Tor so as to make the protocol optimal to deploy at scale. Academic research is just getting started with regards to investigating alternative protocol architectures and route selection protocols, such as Tor-over-QUIC, employing DTLS, and Walking Onions.

What alternative protocol architectures and route selection protocols would offer acceptable gains in Tor performance? And would they preserve Tor properties? Is it truly possible to deploy Tor at scale? And what would the full integration of Tor and Firefox look like?

 

 

Offsite Article: How The New UK Porn Block Could Put Independent Sex Workers At Risk...


Link Here15th May 2019
Age verification measures pose a tangible threat to sex workers' income and safety.

See article from elle.com

 

 

The Porn Channel...

The Channel Islands is considering whether to join the UK in the censorship of internet porn


Link Here13th May 2019

As of 15 July, people in the UK who try to access porn on the internet will be required to verify their age or identity online.

The new UK Online Pornography (Commercial Basis) Regulations 2018 law does not affect the Channel Islands but the States have not ruled out introducing their own regulations.

The UK Department for Censorship, Media and Sport said it was working closely with the Crown Dependencies to make the necessary arrangements for the extension of this legislation to the Channel Islands.

A spokeswoman for the States said they were monitoring the situation in the UK to inform our own policy development in this area.

 

 

Offsite Article: How the U.K. Won't Keep Porn Away From Teens...


Link Here 4th May 2019
The New York Times takes a sceptical look at the upcoming porn censorship regime

See article from nytimes.com

 

 

Tightening the purse strings...

BBFC warns that age verification should not be coupled with electronic wallets


Link Here 4th May 2019
The BBFC has re-iterated that its Age Verification certification scheme does not allow for personal data to be used for another purpose beyond age verification. In particular age verification should not be coupled with electronic wallets.

Presumably this is intended to prevent personal date identifying porn users to be dangerously stored in databases use for other purposes.

In passing, this suggests that there may be commercial issues as age verification systems for porn may not be reusable for age verification for social media usage or identity verification required for online gambling. I suspect that several AV providers are only interested in porn as a way to get established for social media age verification.

This BBFC warning may be of particular interest to users of the porn site xHamster. The preferred AV option for that website is the electronic wallet 1Account.

The BBFC write in a press release:

The Age-verification Regulator under the UK's Digital Economy Act, the British Board of Film Classification (BBFC), has advised age-verification providers that they will not be certified under the Age-verification Certificate (AVC) if they use a digital wallet in their solution.

The AVC is a voluntary, non-statutory scheme that has been designed specifically to ensure age-verification providers maintain high standards of privacy and data security. The AVC will ensure data minimisation, and that there is no handover of personal information used to verify an individual is over 18 between certified age-verification providers and commercial pornography services. The only data that should be shared between a certified AV provider and an adult website is a token or flag indicating that the consumer has either passed or failed age-verification.

Murray Perkins, Policy Director for the BBFC, said:

A consumer should be able to consider that their engagement with an age-verification provider is something temporary.

In order to preserve consumer confidence in age-verification and the AVC, it was not considered appropriate to allow certified AV providers to offer other services to consumers, for example by way of marketing or by the creation of a digital wallet. The AVC is necessarily robust in order to allow consumers a high level of confidence in the age-verification solutions they choose to use.

Accredited providers will be indicated by the BBFC's green AV symbol, which is what consumers should look out for. Details of the independent assessment will also be published on the BBFC's age-verification website, ageverificationregulator.com, so consumers can make an informed choice between age-verification providers.

The Standard for the AVC imposes limits on the use of data collected for the purpose of age-verification, and sets out requirements for data minimisation.

The AVC Standard has been developed by the BBFC and NCC Group - who are experts in cyber security and data protection - in cooperation with industry, with the support of government, including the National Cyber Security Centre and Chief Scientific Advisors, and in consultation with the Information Commissioner's Office. In order to be certified, AV Providers will undergo an on-site audit as well as a penetration test.

Further announcements will be made on AV Providers' certification under the scheme ahead of entry into force on July 15.

 

 

Fundamentally flawed and not fit for purpose...

Well known security expert does a bit of a hatchet job on the BBFC Age Verification Certificate Standard


Link Here 27th April 2019

Starting with a little background into the authorship of the document under review. AVSecure CMO Steve Winyard told XBIZ:

The accreditation plan appears to have very strict rules and was crafted with significant input from various governmental bodies, including the DCMS (Department for Culture, Media & Sport), NCC Group plc (an expert security and audit firm), GCHQ (U.K. Intelligence and Security Agency), ICO (Information Commissioner's Office) and of course the BBFC.

But computer security expert Alec Muffett writes:

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?

....

This document's approach to data protection is fundamentally flawed.

The (considerably) safer approach - one easier to certificate/validate/police - would be to say everything is forbidden except for upon for ; you would then allow vendors to appeal for exceptions under review.

It makes a few passes at pretending that this is what it's doing, but with subjective holes (green) that you can drive a truck through:

...

What we have here is a rehash of quite a lot of reasonable physical/operational security, business continuity & personnel security management thinking -- with digital stuff almost entirely punted.

It's better than #PAS1296 , but it's still not fit for purpose.

Read the full thread

 

 

Offsite Article: A government PR failure...


Link Here 22nd April 2019
John Carr, a leading supporter of the government's porn censorship regime, is a little exasperated by its negative reception in the media

See article from johnc1912.wordpress.com

 

 

Is it safe?...

Does the BBFC AV kite mark mean that at age verification service is safe?


Link Here22nd April 2019
The BBFC has published a detailed standard for age verifiers to get tested against to obtain a green AV kite mark aiming to convince users that their identity data and porn browsing history is safe.

I have read through the document and conclude that it is indeed a rigorous standard that I guess will be pretty tough for companies to obtain. I would say it would be almost impossible for a small or even medium size website to achieve the standard and more or less means that using an age verification service is mandatory.

The standard has lots of good stuff about physical security of data and vetting of staff access to the data.

Age verifier AVSecure commented:

We received the final documents and terms for the BBFC certification scheme for age verification providers last Friday. This has had significant input from various Government bodies including DCMS (Dept for Culture, Media & Sport), NCC Group plc (expert security and audit firm), GCHQ (UK Intelligence & Security Agency) ICO (Information Commissioner's Office) and of course the BBFC (the regulator).

The scheme appears to have very strict rules.

It is a multi-disciplined scheme which includes penetration testing, full and detailed audits, operational procedures over and above GDPR and the DPA 2018 (Data Protection Act). There are onerous reporting obligations with inspection rights attached. It is also a very costly scheme when compared to other quality standard schemes, again perhaps designed to deter the faint of heart or shallow of pocket.

Consumers will likely be advised against using any systems or methods where the prominent green AV accreditation kitemark symbol is not displayed.

 

But will the age verifier be logging your ID data and browsing history?

And the answer is very hard to pin down from the document. At first read it suggests that minimal data will be retained, but a more sceptical read, connecting a few paragraphs together suggests that the verifier will be required to keep extensive records about the users porn activity.

Maybe this is a reflection of a recent change of heart. Comments from AVSecure suggested that the BBFC/Government originally mandated a log of user activity but recently decided that keeping a log or not is down to the age verifier.

As an example of the rather evasive requirements:

8.5.9 Physical Location

Personal data relating to the physical location of a user shall not be collected as part of the age-verification process unless required for fraud prevention and detection. Personal data relating to the physical location of a user shall only be retained for as long as required for fraud prevention and detection.

Here it sounds like keeping tabs on location is optional, but another paragraph suggest otherwise: 

8.4.14 Fraud Prevention and Detection

Real-time intelligent monitoring and fraud prevention and detection systems shall be used for age-verification checks completed by the age-verification provider.

Now it seems that the fraud prevention is mandatory, and so a location record is mandatory after all.

Also the use off the phrase only be retained for as long as required for fraud prevention and detection. seems a little misleading too, as in reality fraud prevention will be required for as long as the customer keeps on using it. This may as well be forever.

There are other statements that sound good at first read, but don't really offer anything substantial:

8.5.6 Data Minimisation

Only the minimum amount of personal data required to verify a user's age shall be collected.

But if the minimum is to provide name and address + eg a drivers licence number or a credit card number then the minimum is actually pretty much all of it. In fact there are only the porn pass methods that offer any scope for 'truely minimal' data collection. Perhaps the minimal data also applies to the verified mobile phone method as although the phone company probably knows your identity, then maybe they won't need to pass it on to the age verifier.

 

What does the porn site get to know

The rare unequivocal and reassuring statement is

8.5.8 Sharing Results

Age-verification providers shall only share the result of an age-verification check (pass or fail) with the requesting website.

So it seems that identity details won't be passed to the websites themselves.

However the converse is not so clear:

8.5.6 Data Minimisation

Information about the requesting website that the user has visited shall not be collected against the user's activity.

Why add the phrase, against the user's activity. This is worded such that information about the requesting website could indeed be collected for another reason, fraud detection maybe.

Maybe the scope for an age verifier to maintain a complete log of porn viewing is limited more by the practical requirement for a website to record a successful age verification in a cookie such that the age verifier only gets to see one interaction with each website.

No doubt we shall soon find out whether the government wants a detailed log of porn viewed, as it  will be easy to spot if a website queries the age verifier for every film you watch.
 

Fraud Detection

And what about all this reference to fraud detection. Presumably the BBFC/Government is a little worried that passwords and accounts will be shared by enterprising kids. But on the other hand it may make life tricky for those using shared devices, or perhaps those who suddenly move from London to New York in an instant, when in fact this is totally normal for someone using a VPN on a PC.


Wrap up

The BBFC/Government have moved on a long way from the early days when the lawmakers created the law without any real protection for porn users and the BBFC first proposed that this could be rectified by asking porn companies to voluntarilyfollow 'best practice' in keeping people's data safe.

A definite improvement now, but I think I will stick to my VPN.

 

 

Bad Research And Block Heads...

David Flint looks into flimsy porn evidence used to justify government censorship


Link Here 22nd April 2019

 

 

Updated: Community Spirit...

It's good to see the internet community pull together to work around censorship via age verification


Link Here22nd April 2019
A TV channel, a porn producer, an age verifier and maybe even the government got together this week to put out a live test of age verification. The test was implemented on a specially created website featuring a single porn video.

The test required a well advertised website to provide enough traffic of viewers positively wanting to see the content. Channel 4 obliged with  its series Mums Make Porn. The series followed a group of mums making a porn video that they felt would be more sex positive and less harmful to kids than the more typical porn offerings currently on offer.

The mums did a good job and produced a decent video with a more loving and respectful interplay than is the norm. The video however is still proper hardcore porn and there is no way it could be broadcast on Channel 4. So the film was made available, free of charge, on its own dedicated website complete with an age verification requirement.

The website was announced as a live test for AgeChecked software to see how age verification would pan out in practice. It featured the following options for age verification

  1. entering full credit card details + email
  2. entering driving licence number + name and address + email
  3. mobile phone number + email (the phone must have been verified as 18+ by the service provider and must must be ready to receive an SMS message containing login details)

Nothing has been published in detail about the aims of the test but presumably they were interested in the basic questions such as:

  • What proportion of potential viewers will be put off by the age verification?
  • What proportion of viewers would be stupid enough to enter their personal data?
  • Which options of identification would be preferred by viewers?

 

The official test 'results'

Alastair Graham, CEO of AgeChecked provided a few early answers inevitably claiming that:

The results of this first mainstream test of our software were hugely encouraging.

He went on to claim that customers are willing to participate in the process, but noted that verified phone number method emerged as by far the most popular method of verification. He said that this finding would be a key part of this process moving forward.

Reading between the lines perhaps he was saying that there wasn't much appetite for handing over detailed personal identification data as required by the other two methods.

I suspect that we will never get to hear more from AgeChecked especially about any reluctance of people to identify themselves as porn viewers.

 

The unofficial test results

Maybe they were also interested in other questions too:

  • Will people try and work around the age verification requirements?
  • if people find weaknesses in the age verification defences, will they pass on their discoveries to others?

Interestingly the age verification requirement was easily sidestepped by those with a modicum of knowledge about downloading videos from websites such as YouTube and PornHub. The age verification mechanism effectively only hid the start button from view. The actual video remained available for download, whether people age verified or not. All it took was a little examination of the page code to locate the video. There are several tools that allow this: video downloader addons, file downloaders or just using the browser's built in debugger to look at the page code.

Presumably the code for the page was knocked up quickly so this flaw could have been a simple oversight that is not likely to occur in properly constructed commercial websites. Or perhaps the vulnerability was deliberately included as part of the test to see if people would pick up on it.

However it did identify that there is a community of people willing to stress test age verification restrictions and see if work rounds can be found and shared.

I noted on Twitter that several people had posted about the ease of downloading the video and had suggested a number of tools or methods that enabled this.

There was also an interesting article posted on achieving age verification using an expired credit card. Maybe that is not so catastrophic as it still identifies a cardholder as over 18, even if cannot be used to make a payment. But of course it may open new possibilities for misuse of old data. Note that random numbers are unlikely to work because of security algorithms. Presumably age verification companies could strengthen the security by testing that a small transaction works, but this intuitively this would have significant cost implications. I guess that to achieve any level of take up, age verification needs to be cheap for both websites and viewers.

 

Community Spirit

It was very heartening to see how many people were helpfully contributing their thoughts about testing the age verification software.

Over the course of a couple of hours reading, I learnt an awful lot about how websites hide and protect video content, and what tools are available to see through the protection. I suspect that many others will soon be doing the same... and I also suspect that young minds will be far more adept than I at picking up such knowledge.

 

A final thought

I feel a bit sorry for small websites who sell content. It adds a whole new level complexity as a currently open preview area now needs to be locked away behind an age verification screen. Many potential customers will be put off by having to jump through hoops just to see the preview material. To then ask them to enter all their credit card details again to subscribe, may be a hurdle too far.

Update: The Guardian reports that age verification were easily circumvented

22nd April 2019. See article from theguardian.com

The Guardian reported that the credit card check used by AgeChecked could be easily fooled by generating a totally false credit card number. Note that a random number will not work as there is a well known sum check algorithm which invalidates a lot of random numbers. But anyone who knows or looks up the algorithm would be able to generate acceptable credit card numbers that would at least defeat AgeChecked.

Or they would have been had AgeChecked not now totally removed the credit card check option from its choice of options.

Still the damage was done when the widely distributed Guardian article has established doubts about the age verification process.

Of course the workaround is not exactly trivial and will stop younger kids from 'stumbling on porn' which seems to be the main fall back position of this entire sorry scheme.

 

 

Offsite Article: A good summary of where we are at...


Link Here 21st April 2019
Politics, privacy and porn: the challenges of age-verification technology. By Ray Allison

See article from computerweekly.com

 

 

Smart phones only for porn viewing?...

VPNCompare reports a significant increase in website visitors in response to upcoming porn censorship. Meanwhile age verifications options announced so far for major websites seem to be apps only


Link Here 20th April 2019
VPNCompare is reporting that internet users in Britain are responding to the upcoming porn censorship regime by investigating the option to get a VPN so as to workaround most age verification requirements without handing over dangerous identity details.

VPNCompare says that the number of UK visitors to its website has increased by 55% since the start date of the censorship scheme was announced. The website also sated that Google searches for VPNs had trippled. Website editor, Christopher Seward told the Independent:

We saw a 55 per cent increase in UK visitors alone compared to the same period the previous day. As the start date for the new regime draws closer, we can expect this number to rise even further and the number of VPN users in the UK is likely to go through the roof.

The UK Government has completely failed to consider the fact that VPNs can be easily used to get around blocks such as these.

Whilst the immediate assumption is that porn viewers will reach for a VPN to avoid handing over dangerous identity information, there may be another reason to take out a VPN, a lack of choice of appropriate options for age validation.

3 companies run the 6 biggest adult websites. Mindgeek owns Pornhub, RedTube and Youporn. Then there is Xhamster and finally Xvideos and xnxx are connected.

Now Mindgeek has announced that it will partner with Portes Card for age verification, which has options for identity verification, giving a age verified mobile phone number, or else buying  a voucher in a shop and showing age ID to the shop keeper (which is hopefully not copied or recorded).

Meanwhile Xhamster has announced that it is partnering with 1Account which accepts a verified mobile phone, credit card, debit card, or UK drivers licence. It does not seem to have an option for anonymous verification beyond a phone being age verified without having to show ID.

Perhaps most interestingly is that both of these age verifiers are smart phone based apps. Perhaps the only option for people without a phone is to get a VPN. I also spotted that most age verification providers that I have looked at seem to be only interested in UK cards, drivers licences or passports. I'd have thought there may be legal issues in not accepting EU equivalents. But foreigners may also be in the situation of not being able to age verify and so need a VPN.

And of course the very fact that is no age verification option common to the major porn website then it may just turn out to be an awful lot simpler just to get a VPN.

 

 

Is it safe?...

Is your identity data and porn browsing history safe with an age verification service sporting a green BBFC AV badge?...Err...No!...


Link Here19th April 2019
The Interrogator :

Is it safe?

The BBFC (on its Age Verification website)...err...no!...:

An assessment and accreditation under the AVC is not a guarantee that the age-verification provider and its solution (including its third party companies) comply with the relevant legislation and standards, or that all data is safe from malicious or criminal interference.

Accordingly the BBFC shall not be responsible for any losses, damages, liabilities or claims of whatever nature, direct or indirect, suffered by any age-verification provider, pornography services or consumers/ users of age-verification provider's services or pornography services or any other person as a result of their reliance on the fact that an age-verification provider has been assessed under the scheme and has obtained an Age-verification Certificate or otherwise in connection with the scheme.

 

 

Offsite Article: Age verification won't block porn...


Link Here 18th April 2019
But it will spell the end of ethical porn. By Girl on the Net

See article from theguardian.com

 

 

Get a VPN or fill your boots now! There's 3 months left for unhindered porn downloading...

The government announces that its internet porn censorship scheme will come into force on 15th July 2019


Link Here17th April 2019
The UK will become the first country in the world to bring in age-verification for online pornography when the measures come into force on 15 July 2019.

It means that commercial providers of online pornography will be required by law to carry out robust age-verification checks on users, to ensure that they are 18 or over.

Websites that fail to implement age-verification technology face having payment services withdrawn or being blocked for UK users.

The British Board of Film Classification (BBFC) will be responsible for ensuring compliance with the new laws. They have confirmed that they will begin enforcement on 15 July, following an implementation period to allow websites time to comply with the new standards.

Minister for Digital Margot James said that she wanted the UK to be the most censored place in the world to b eonline:

Adult content is currently far too easy for children to access online. The introduction of mandatory age-verification is a world-first, and we've taken the time to balance privacy concerns with the need to protect children from inappropriate content. We want the UK to be the safest place in the world to be online, and these new laws will help us achieve this.

Government has listened carefully to privacy concerns and is clear that age-verification arrangements should only be concerned with verifying age, not identity. In addition to the requirement for all age-verification providers to comply with General Data Protection Regulation (GDPR) standards, the BBFC have created a voluntary certification scheme, the Age-verification Certificate (AVC), which will assess the data security standards of AV providers. The AVC has been developed in cooperation with industry, with input from government.

Certified age-verification solutions which offer these robust data protection conditions will be certified following an independent assessment and will carry the BBFC's new green 'AV' symbol. Details will also be published on the BBFC's age-verification website, ageverificationregulator.com so consumers can make an informed choice between age-verification providers.

BBFC Chief Executive David Austin said:

The introduction of age-verification to restrict access to commercial pornographic websites to adults is a ground breaking child protection measure. Age-verification will help prevent children from accessing pornographic content online and means the UK is leading the way in internet safety.

On entry into force, consumers will be able to identify that an age-verification provider has met rigorous security and data checks if they carry the BBFC's new green 'AV' symbol.

The change in law is part of the Government's commitment to making the UK the safest place in the world to be online, especially for children. It follows last week's publication of the Online Harms White Paper which set out clear responsibilities for tech companies to keep UK citizens safe online, how these responsibilities should be met and what would happen if they are not.

 

 

Proven privacy concerns...

When spouting on about keeping porn users data safe the DCMS proves that it simply can't be trusted by revealing journalists' private emails


Link Here 17th April 2019
 
  
 Believe us, we can cure all society's ills
 

A government department responsible for data protection laws has shared the private contact details of hundreds of journalists.

The Department for Censorship, Media and Sport emailed more than 300 recipients in a way that allowed their addresses to be seen by other people.

The email - seen by the BBC - contained a press release about age verifications for adult websites .

Digital Minister Margot James said the incident was embarrassing. She added:

It was an error and we're evaluating at the moment whether that was a breach of data protection law.

In the email sent on Wednesday, the department claimed new rules would offer robust data protection conditions, adding: Government has listened carefully to privacy concerns.

 

 

Offsite Article: The UK Government Risks Facilitating a Porn Monopoly...


Link Here14th April 2019
Spare a thought for how age verification censorship affects British small adult businesses and sex workers. By Freya Pratty

See article from novaramedia.com

 

 

Well if they legislate without giving a shit about the safety and privacy of porn users...

WebUser magazine kindly informs readers how to avoid being endangered by age verification


Link Here13th April 2019
The legislators behind the Digital Economy Act couldn't be bothered to include any provisions for websites and age verifiers to keep the identity and browsing history of porn users safe. It has now started to dawn on the authorities that this was a mistake. They are currently implementing a voluntary kitemark scheme to try and assure users that porn website's and age verifier's claims of keeping data safe can be borne out.

It is hardly surprising that significant numbers of people are likely to be interested in avoiding having to register their identity details before being able to access porn.

It seems obvious that information about VPNs and Tor will therefore be readily circulated amongst any online community with an interest in keeping safe. But perhaps it is a little bit of a shock to see it is such large letters in a mainstream magazine on the shelves of supermarkets and newsagents.

And perhaps anther thought is that once the BBFC starting ISPs to block non-compliant websites then circumvention will be the only way see your blocked favourite websites. So people stupidly signing up to age verification will have less access to porn and a worse service than those that circumvent it.

 

 

The Great British Firewall...

Zippyshare blocks itself from UK access


Link Here 11th April 2019
Zippyshare is a long running data locker and file sharing platform that is well known particularly for the distribution of porn.

Last month UK users noted that they have been blocked from accessing the website and that it can now only be accessed via a VPN.

Zippyshare themselves has made no comment about the block, but TorrentFreak have investigated the censorship and have determined that the block is self imposed and is not down to action by UK courts or ISPs.

Alan wonders if this is a premature reaction to the Great British Firewall, noting it's quite a popular platform for free porn.

Of course it poses the interesting question that if websites generally decide to address the issue of UK porn censorship by self imposed blocks, then keen users will simply have to get themselves VPNs. Being willing to sign up for age verification simply won't work. Perhaps VPNs will be next to mandatory for British porn users, and age verification will become an unused technology.

 

 

Offsite Article: Porn Wars...


Link Here8th April 2019
sex, Lies And The Battle To Control Britain's Internet. By David Flint

See article from reprobatepress.com

 

 

Scary stuff: the government wanted a detailed log of your porn viewing history...

A report suggesting that government has (reluctantly) relaxed its requirements for internet porn age verifiers to keep a detailed log of people's porn access


Link Here5th April 2019
In an interesting article on the Government age verification and internet porn censorship scheme, technology website Techdirt reports on the ever slipping deadlines.

Seemingly with detailed knowledge of government requirements for the scheme, Tim Cushing explains that up until recently the government has demand that age verification companies retain a site log presumably recording people's porn viewing history. He writes:

The government refreshed its porn blockade late last year, softening a few mandates into suggestions. But the newly-crafted suggestions were backed by the implicit threat of heavier regulation. All the while, the government has ignored the hundreds of critics and experts who have pointed out the filtering plan's numerous problems -- not the least of which is a government-mandated collection of blackmail fodder.

The government is no longer demanding retention of site logs by sites performing age verification, but it's also not telling companies they shouldn't retain the data. Companies likely will retain this data anyway, if only to ensure they have it on hand when the government inevitably changes it mind.

Cushing concludes with a comment perhaps suggesting that the Government wants a far more invasive snooping regime than commercial operators are able or willing to provide. He notes:

Shortly. April 1st will come and go with no porn filter. The next best guess is around Easter (April 21st). But I'd wager that date comes and goes as well with zero new porn filters. The UK government only knows what it wants. It has no idea how to get it. I

And it seems that some age verification companies are getting wound up by negative internet and press coverage of the dangers inherent in their services. @glynmoody tweeted:

I see age verification companies that will create the biggest database of people's porn preferences - perfect for blackmail - are now trying to smear people pointing out this is a stupid idea as deliberately creating a climate of fear and confusion about the technologies nope

 

 

Mums want Four Play...but can they get it?...

The porn movie from the TV series 'Mums Make Porn' is used as a live test for age verification


Link Here 4th April 2019
The age verification company AgeChecked and porn producer Erika Lust have created a test website for a live trial of age verification.

The test website iwantfourplay.com features the porn video created by the mums in the Channel 4 series Mums Make Porn.

The website presented the video free of charge, but only after viewers passed one of 3 options for age verification:

  1. entering full credit card details + email
  2. entering driving licence number + name and address + email
  3. mobile phone number + email (the phone must have been verified as 18+ by the service provider and must must be ready to receive an SMS message containing login details)

The AgeChecked forms are unimpressive, the company seems reluctant to inform customers about requirements before handing over details. The forms do not even mention that the age requirement is 18+. It certainly does not try to make it clear that say a debit card is unacceptable or that a driving licence is not acceptable if registered to a 17 year old. It seems that they would prefer users to type in all their details and then tell them sorry, the card/licence/phone number doesn't pass the test. In fact the mobile phone option is distinctly misleading it suggests that it may be quicker to use the other options if the mobile phone is not age verified. It should say more positively that an unverified phone cannot be used.

The AgeChecked forms also make contradictory claims about users personal data not being stored by Age Checked (or shared with  iwantfourplay.com)... but then goes on to ask for email address for logging into existing existing AgeChecked accounts, so obviously that item of personal data must be stored by AgeChecked for practical recurring usage.

AgeChecked has already reported on the early results from the test. Alastair Graham, CEO of AgeChecked said:

The results of this first mainstream test of our software were hugely encouraging.

Whilst an effective date for the new legislation's implementation is yet to be confirmed by the British Board of Film Classification, this suggests a clear preparedness to offer robust, secure age verification procedures to the adult industry's 24-30 million UK users.

It also highlights that customers are willing to participate in the process when they know that they are being verified by a secure provider, with whom their identity is fully protected.

The popularity of mobile phone verification was interesting and presumably due the simplicity of using this device. This is something that we foresee as being a key part of this process moving forward.

Don't these people spout rubbish sometimes, pretending that not wanting to have one's credit card details, name and address details associated with watching porn is just down to convenience.

Graham also did not mention other perhaps equally important results from the test. In particular I wonder how many people seeking the video simply decided not to proceed further when presented by age verification options.

I wonder also how many people watched the video without going through age verification. I noted that with a little jiggery pokery, the video could be viewed by VPN. I also noted that although the age verification got in the way of clicking on the video, file/video downloading browser addons were still able to access the video without bothering with the age verification.

And congratulations to the mums for making a good porn video. It feature very attractive actors participating in all the usual porn elements, whilst getting across the mums' wishes for a more positive/loving approach to sex.

 

 

Updated: The State of Play...

Age verification and UK internet porn censorship


Link Here31st March 2019
The Government has been very secretive about its progress towards the starting of internet censorship for porn in the UK. Meanwhile the appointed internet porn censor, the BBFC, has withdrawn into its shell to hide from the flak. It has uttered hardly a helpful word on the subject in the last six months, just at a time when newspapers have been printing uniformed news items based on old guesstimates of when the scheme will start.

The last target date was specified months ago when DCMS minister Margot James suggested that it was intended to get the scheme going around Easter of 2019. This date was not achieved but the newspapers seem to have jumped to the conclusion that the scheme would start on 1st April 2019. The only official response to this false news is that the DCMS will now be announcing the start date shortly.

So what has been going on?

Well it seems that maybe the government realised that asking porn websites and age verification services to demand that porn users identify themselves without any real legal protection on how that data can be used is perhaps not the wisest thing to do. Jim Killock of Open Rights Group explains that the delays are due to serious concerns about privacy and data collection:

When they consulted about the shape of age verification last summer they were surprised to find that nearly everyone who wrote back to them in that consultation said this was a privacy disaster and they need to make sure people's data doesn't get leaked out.

Because if it does it could be that people are outed, have their relationships break down, their careers could be damaged, even for looking at legal material.

The delays have been very much to do with the fact that privacy has been considered at the last minute and they're having to try to find some way to make these services a bit safer. It's introduced a policy to certify some of the products as better for privacy (than others) but it's not compulsory and anybody who chooses one of those products might find they (the companies behind the sites) opt out of the privacy scheme at some point in the future.

And there are huge commercial pressures to do this because as we know with Facebook and Google user data is extremely valuable, it tells you lots about what somebody likes or dislikes or might want or not want.

So those commercial pressures will kick in and they'll try to start to monetise that data and all of that data if it leaked out would be very damaging to people so it should simply never be collected.

So the government has been working on a voluntary kite mark scheme to approve age verifiers that can demonstrate to an auditor they will keep user data safe. This scheme seems to be in its early stages as the audit policy was first outlines to age verifiers on 13th March 2019. AvSecure reported on Twitter:

Friday saw several AV companies meet with the BBFC & the accreditation firm, who presented the framework & details of the proposed scheme.

Whilst the scheme itself seems very deep & comprehensive, there were several questions asked that we are all awaiting answers on.

The Register reports that AgeID has already commissioned a data security audit using the information security company, the NCC Group. Perhaps that company can therefore be rapidly approved by the official auditor, whose identity seems to being kept secret.

So the implementation schedule must presumably be that the age verifiers get audited over the next couple of months and then after that the government can give websites the official 3 months notice required to give websites time to implement the now accredited age verification schemes.

The commencement date will perhaps be about 5 or 6 months from now.

Update: Announcement this week

31st March 2019. See  article from thetimes.co.uk

The government is expected to announce a timetable on Wednesday for the long-awaited measure to force commercial providers of online porn to check users' ages.

 

 

Commented No they're not thinking of the children...

The Guardian suggests that the start of internet porn censorship will be timed to help heal the government's reputational wounds after the Brexit debacle


Link Here 25th March 2019
The Observer today published an article generally supporting the upcoming porn censorship and age verification regime. It did have one interesting point to note though:

Brexit's impact on the pornography industry has gone unnoticed. But the chaos caused by the UK's disorderly exit from the European Union even stretches into the grubbier parts of cyberspace.

A new law forcing pornography users to prove that they are adults was supposed to be introduced early next month. But sources told the Observer that it may not be unveiled until after the Brexit impasse is resolved as the government, desperate for other things to talk about, believes it will be a good news story that will play well with the public when it is eventually unveiled.

Comment: The illiberal Observer

25th March 2019. Thanks to Alan

Bloody hell! Have you seen this fuckwittage from the purportedly liberal Observer?

Posh-boy churnalist Jamie (definitely not Jim) Doward regurgitates the bile of authoritarian feminist Gail Dines about the crackpot attempt to stop children accessing a bit of porn. This is total bollox.

It's getting on for sixty years since I spotted that my girl contemporaries were taking on a different and interesting shape - a phenomenon I researched by reference to two bodies of literature: those helpful little books for the amateur and professional photographer in which each photo of a lady was accompanied by F number and exposure time and those periodicals devoted to naturism. This involved no greater subterfuge than taking off my school cap and turning up my raincoat collar to hide my school tie. I would fervently hope that today's lads can run rings round parental controls and similar nonsense.

 

 

Someone's telling stories...

The BBFC has made a pretty poor show of setting out guidelines for the technical implementation of age verification, and now the Stop Age Verification campaign has pointed out that the BBFC has made legal errors about text porn


Link Here 25th March 2019
The BBFC seems a little behind the curve in its role as porn censor. Its initial draft of its guidelines gave absolutely no concern for the safety and well being of porn users. The BBFC spoke of incredibly sensitive identity and browsing date being entrusted to adult websites and age verifiers, purely on the forlorn hope that these companies would follow 'best practice' voluntary guidelines to keep the data safe. The BBFC offered next to no guidelines that defined how age verification should work and what it really needs to do.

As time has moved on, it has obviously occurred to the BBFC or the government that this was simply not good enough, so we are now waiting on the implementation of some sort of kite marking scheme to try to provide at least a modicum of trust in age verifiers to keep this sensitive data safe.

But even in this period of rework, the BBFC hasn't been keeping interested parties informed of what's going on. The BBFC seem very reluctant to advise or inform anyone of anything. Perhaps the rework is being driven by the government and maybe the BBFC isn't in a position to be any more helpful.

Anyway it is interesting to note that in an article from stopageverification.org.uk , that the BBFC has been reported to being overstepping the remit of the age verification laws contained in the Digital Economy Act:

The BBFC posts this on the Age verifiers website :

All types of pornographic content are within the scope of the legislation. The legislation does not exclude audio or text from its definition of pornography. All providers of commercial online pornography to persons in the UK are required to comply with the age-verification requirement.

Except that's not what the legislation says :

Pornographic material is defined in s.15 of the act. This sets out nine categories of material. Material is defined in that section (15(2) as material means204 (a) a series of visual images shown as a moving picture, with or without sound; (b) a still image or series of still images, with or without sound; or (c) sound;

It clearly doesn't mention text.

The BBFC need to be clear in their role as Age Verifier. They can only apply the law as enacted by Parliament. If they seek to go beyond that they could be at risk of court action.

 

 

Offsite Article: Britain's Pornographer and Puritan Coalition...


Link Here 21st March 2019
Backlash speculates that the UK's upcoming porn censorship will play into the hands of foreign tube site monopolies

See article from backlash.org.uk

 

 

Offsite Article: Don't be a verified idiot...


Link Here 16th March 2019
Get a VPN. The Guardian outlines some of the dangers of getting age verified for porn

See article from theguardian.com

 

 

Offsite Article: A review of age verification methods...


Link Here 14th March 2019
This is how age verification will work under the UK's porn censorship law

See article from wired.co.uk

 

 

Maybe realisation that endangering parents is not a good way to protect children...

Sky News confirms that porn age verification will not be starting from April 2019 and notes that a start date has yet to be set


Link Here6th March 2019

Sky News has learned that the government has delayed setting a date for when age verification rules will come into force due to concerns regarding the security and human rights issues posed by the rules. A DCMS representative said:

This is a world-leading step forward to protect our children from adult content which is currently far too easy to access online.

The government, and the BBFC as the regulator, have taken the time to get this right and we will announce a commencement date shortly.

Previously the government indicated that age verification would start from about Easter but the law states that 3 months notice must be given for the start date. Official notice has yet to be published so the earliest it could start is already June 2019.

The basic issue is that the Digital Economy Act underpinning age verification does not mandate that identity data and browsing provided of porn users should be protected by law. The law makers thought that GDPR would be sufficient for data protection, but in fact it only requires that user consent is required for use of that data. All it requires is for users to tick the consent box, probably without reading the deliberately verbose or vague terms and conditions provided. After getting the box ticked the age verifier can then do more or less what they want to do with the data.

Realising that this voluntary system is hardly ideal, and that the world's largest internet porn company Mindgeek is likely to become the monopoly gatekeeper of the scheme, the government has moved on to considering some sort of voluntary kitemark scheme to try and convince porn users that an age verification company can be trusted with the data. The kitemark scheme would appoint an audit company to investigate the age verification implementations and to approve those that use good practises.

I would guess that this scheme is difficult to set up as it would be a major risk for audit companies to approve age verification systems based upon voluntary data protection rules. If an 'approved' company were later found to be selling, misusing data or even getting hacked, then the auditor could be sued for negligent advice, whilst the age verification company could get off scot-free.

 

 

AgeID scarily will require an email address and ID to view PornHub...

There's also a rather unconvincing option to use an app, but that seems to ID your device instead


Link Here4th March 2019
Pornhub and sister websites will soon require ID from users before being able to browse its porn.

The government most recently suggested that this requirement would start from about Easter this year, but this date has already slipped. The government will give 3 months notice of the start date and as this has not yet been announced, the earliest start date is currently in June.

Pornhub and YouPorn will use the AgeID system, which requires users to identify themselves with an email address and a credit card, passport, driving licence or an age verified mobile phone number.

Metro.co.uk spoke to a spokesperson from AgeID to find out how it will work (and what you'll actually see when you try to log in). James Clark, AgeID spokesperson, said:

When a user first visits a site protected by AgeID, a landing page will appear with a prompt for the user to verify their age before they can access the site.

First, a user can register an AgeID account using an email address and password. The user verifies their email address and then chooses an age verification option from our list of 3rd party providers, using options such as Mobile SMS, Credit Card, Passport, or Driving Licence.

The second option is to purchase a PortesCard or voucher from a retail outlet. Using this method, a customer does not need to register an email address, and can simply access the site using the Portes app.

Thereafter, users will be able to use this username/password combination to log into all porn sites which use the Age ID system.

It is a one-time verification, with a simple single sign-on for future access. If a user verifies on one AgeID protected site, they will not need to perform this verification again on any other site carrying AgeID.

The PortesCard is available to purchase from selected high street retailers and any of the UK's 29,000 PayPoint outlets as a voucher. Once a card or voucher is purchased, its unique validation code must be activated via the Portes app within 24 hours before expiring.

If a user changes device or uses a fresh browser, they will need to login with the credentials they used to register. If using the same browser/device, the user has a choice as to whether they wish to login every time, for instance if they are on a shared device (the default option), or instead allow AgeID to log them in automatically, perhaps on a mobile phone or other personal device.

Clark claimed that AgeID's system does not store details of people's ID, nor does it store their browsing history. This sounds a little unconvincing and must be taken on trust. And this statement rather seems to be contradicted by a previous line noting that user's email will be verified, so that piece of identity information at least will need to be stored and read.

The Portes App solution seems a little doubtful too. It claims not to log device data and then goes on to explain that the PortesCard needs to be locked to a device, rather suggesting that it will in fact be using device data. It will be interesting to see what app permissions the app will require when installing. Hopefully it won't ask to read your contact list.

This AgeID statement rather leaves the AVSecure card idea in the cold. The AVSecure system of proving your age anonymously at a shop, and then obtaining a password for use on porn websites seems to be the most genuinely anonymous idea suggested so far, but it will be pretty useless if it can't be used on the main porn websites.

 

 

The BBFC didn't turn up...

Open Rights Group met to discuss the BBFC's age verification scheme with its voluntary privacy protection


Link Here 28th February 2019

We met to discuss BBFC's voluntary age verification privacy scheme, but BBFC did not attend. Open Rights Group met a number of age verification providers to discuss the privacy standards that they will be meeting when the scheme launches, slated for April. Up to 20 million UK adults are expected to sign up to these products.

We invited all the AV providers we know about, and most importantly, the BBFC, at the start of February. BBFC are about to launch a voluntary privacy standard which some of the providers will sign up to. Unfortunately, BBFC have not committed to any public consultation about the scheme, relying instead on a commercial provider to draft the contents with providers, but without wider feedback from privacy experts and people who are concerned about users.

We held the offices close to the BBFC's offices in order that it would be convenient for them to send someone that might be able to discuss this with us. We have been asking for meetings with BBFC about the privacy issues in the new code since October 2018: but have not received any reply or acknowledgement of our requests, until this morning, when BBFC said they would be unable to attend today's roundtable. This is very disappointing.

BBFC's failure to consult the public about this standard, or even to meet us to discuss our concerns, is alarming. We can understand that BBFC is cautious and does not wish to overstep its relationship with its new masters at DCMS. BBFC may be worried about ORG's attitude towards the scheme: and we certainly are critical. However, it is not responsible for a regulator to fail to talk to its potential critics.

We are very clear about our objectives. We are acting to do our best to ensure the risk to adult users of age verification technologies are minimised. We do not pose a threat to the scheme as a whole: listening to us can only result in making the pornographic age verification scheme more likely to succeed, and for instance, to avoid catastrophic failures.

Privacy concerns appear to have been recognised by BBFC and DCMS as a result of consultation responses from ORG supporters and others, which resulted in the voluntary privacy standard. These concerns have also been highlighted by Parliament, whose regulatory committee expressed surprise that the Digital Economy Act 2017 had contained no provision to deal with the privacy implications of pornographic age verification.

Today's meeting was held to discuss:

  • What the scheme is likely to cover; and what it ideally should cover;

  • Whether there is any prospect of making the scheme compulsory;

  • What should be done about non-compliant services;

  • What the governance of the scheme should be in the long tern, for instance whether it might be suitable to become an ICO backed code, or complement such as code

As we communicated to BBFC in December 2018, we have considerable worries about the lack of consultation over the standard they are writing, which appears to be truncated in order to meet the artificial deadline of April this year. This is what we explained to BBFC in our email:

  • Security requires as many perspectives to be considered as possible.

  • The best security standards eg PCI DSS are developed in the open and iterated

  • The standards will be best if those with most to lose are involved in the design.
     

    • For PCI DSS, the banks and their customers have more to lose than the processors

    • For Age Verification, site users have more to lose than the processors, however only the processors seem likely to be involved in setting the standard

We look forward to BBFC agreeing to meet us to discuss the outcome of the roundtable we held about their scheme, and to discuss our concerns about the new voluntary privacy standard. Meanwhile, we will produce a note from the meeting, which we believe was useful. It covered the concerns above, and issues around timing, as well as strategies for getting government to adjust their view of the absence of compulsory standards, which many of the providers want. In this, BBFC are a critical actor. ORG also intends as a result of the meeting to start to produce a note explaining what an effective privacy scheme would cover, in terms of scope, risks to mitigate, governance and enforcement for participants.

 

 

Offsite Article: The age of market dominance...


Link Here 4th February 2019
The Register talks to Pornhub's Age ID about progress of UK Age verification schemes

See article from theregister.co.uk

 

 

Unsurprising result from one side of the debate...

InternetMatters.org publishes a survey showing that 83% of parents support age verification for porn


Link Here 23rd January 2019
InternetMatters.org is group funded by UK internet and telecoms companies with the aim of promoting their role in internet safety.

The group has now published a survey supporting the government's upcoming introduction of age verification requirements for porn websites. The results reveal:

  • 83% feel that commercial porn sites should demand users verify their age before they're able to access content.
  • 76% of UK parents feel there should be greater restrictions online to stop kids seeing adult content.
  • 69% of parents of children aged four to 16 say they're confident the government's new ID restrictions will make a difference.

However 17% disagreed with commercial porn sites requiring ID from their users. And the use of data was the biggest obstacle for those parents opposed to the plans. Of those parents who are anti-age verification, 30% said they wouldn't trust age-verification companies with their personal data.

While 18% of parents claim they expect kids would find a way to get around age-verification and a further 13% claim they're unsure that it would actually reduce the number of children accessing pornography. Age-verification supported by experts

 

 

Unprotected sex...

Gay website closes as user fears of being outed via age verification makes the site too dangerous for it to be viable


Link Here17th January 2019
gaystarnews.com has published an article outlining the dangers of porn viewers submitting their identity data and browsing history to age verifiers and their websites. The article explains that the dangers for gay porn viewers are even mor pronounced that for straight viewers. The artisle illustrates this with an example:

David Bridle, the publisher of Dirty Boyz , announced in October that last month's issue of the magazine would be its last. He said:

Following the Conservative government's decision ... to press ahead with new regulations forcing websites which make money from adult content to carry an age verification system ... Dirtyboyz and its website dirtyboyz.xxx have made the decision to close.

The new age verification system will be mostly run by large adult content companies which themselves host major "Tube" style porn sites. 'It would force online readers of Dirtyboyz to publicly declare themselves.

Open Rights Group executive director, Jim Killock, told GSN the privacy of users needs protecting:

The issue with age verification systems is that they need to know it's you. This means there's a strong likelihood that it will basically track you and know what you're watching. And that's data that could be very harmful to people.

It could cause issues in relationships. Or it could see children outed to their parents. It could mean people are subjected to scams and blackmail if that data falls into criminal hands. Government response

A spokesperson for the Department of Culture, Media and Sport (DCMS) told Gay Star News:

Pornographic websites and age verification services will be subject to the UK's existing high standard of data protection legislation. The Data Protection Act 2018 provides a comprehensive and modern framework for data protection, with strong sanctions for malpractice and enforced by the Information Commissioner's Office.

But this is bollox, the likes of Facebook and Google are allowed to sell browsing data for eg targeted advertising within the remit of GDPR. And targeted advertising could be enough in itself to out porn viewers.

 

 

Fill your boots whilst you still can...

British porn viewers are reported to be building up their collections ahead of the introduction of censorship and age verification


Link Here 13th January 2019
UK-based porn viewers seem to be filling their boots before the government's age check kicks in as traffic to xHamster rose 6% in 2018

According to xHamster's Alex Hawkins, the trend is typical of countries in which plans to block online pornography becomes national news. It seems the more you talk about it, the more people feel invested in it as a right, he said.

The government has promised a minimum of three months for industry and the public to prepare for age verification, meaning they are likely to come into force around Easter. However this is a little unfair to websites as the BBFC has not yet established the process by which age verification services will be kitemarked and approved as promising to keep porn viewers identity and/or browsing history acceptably safe. For the moment websites do not know which services will be deemed acceptable.

Countries that have restrictions already in place showed, unsurprisingly, a decline in visitors. Traffic from China fell 81% this year, which xHamster put down to the nation's ban on VPNs and $80,000 cash rewards for people who shopped sites hosting illegal content, like porn.

Elsewhere, the report showed an increase in the number of female visitors to the site -- up 42% in the US and 12.3% worldwide -- a trend Hawkins predicted would continue into 2019.

 

 

The dangers lurking behind age verification schemes...

UK internet porn censorship marches on with the publication of a new law supporting age verification


Link Here11th January 2019
The government has published Online Pornography (Commercial Basis) Regulations 2019 which defines which websites get caught up in upcoming internet porn censorship requirements and how social media websites are excused from the censorship.

These new laws will come into force on the day that subsection (1) of section 14 of the Digital Economy Act 2017 comes fully into force. This is the section that introduces porn censorship and age verification requirements. This date has not yet been announced but the government has promised to give at least 3 months notice.

So now websites which are more than one-third pornographic content or else those that promote themselves as pornographic will be obliged to verify the age of UK visitors under. However the law does not provide any specific protection for porn viewers' data beyond the GDPR requirements to obtain nominal consent before using the data obtained for any purpose the websites may desire.

The BBFC and ICO will initiate a voluntary kitemark scheme so that porn websites and age verification providers can be audited as holding porn browsing data and identity details responsibly. This scheme has not yet produced any audited providers so it seems a little unfair to demand that websites choose age verification technology before service providers are checked out.

It all seems extraordinarily dangerous for porn users to submit their identity to adult websites or age verification providers without any protection under law. The BBFC has offered worthless calls for these companies to handle data responsibly, but so many of the world's major website companies have proven themselves to be untrustworthy, and hackers, spammers, scammers, blackmailers and identity thieves are hardly likely to take note of the BBFC's fine words eg suggesting 'best practice' when implementing age verification.

Neil Brown, the MD of law firm decoded.legal told Sky News:

It is not clear how this age verification will be done, and whether it can be done without also have to prove identity, and there are concerns about the lack of specific privacy and security safeguards.

Even though this legislation has received quite a lot of attention, I doubt most internet users will be aware of what looks like an imminent requirement to obtain a 'porn licence' before watching pornography online.

The government's own impact assessment recognises that it is not guaranteed to succeed, and I suspect we will see an increase in advertising from providers in the near future.

It would seem particularly stupid to open one up to the dangers of have browsing and identity tracked, so surely it is time to get oneself protected with a VPN, which enables one to continue accessing porn without having to hand over identity details.

 

 

Appealing choice...

A chair has been appointed for independent appeals panel for the age verification


Link Here9th January 2019

Kirsty Brimelow QC is the new chairwoman of the independent appeals panel for the age verification regime of the British Board of Film Classification. The panel will oversee attempts to prevent children gaining access to adult content online. The initial term is for 3 years in the post

 

 

In a week when the GDPR didn't do anything to stop German politicians' private data being published...

A parliamentary committee suggests that perhaps the government ought to monitor how age verification requirements endanger porn viewers


Link Here6th January 2019
Parliament's Regulatory Policy Committee (RPC) has reported that the government's approach to internet porn censorship and age verification is fit for purpose, but asks a few important questions about how safe it is for porn viewers.

The RPC was originally set up a decade ago to help cut red tape by independently checking government estimates of how much complying with new laws and regulations would cost the private sector. Of curse all it has achieved is to watch the western world suffocate itself in accelerating red tape to such a point that the west seems to be on a permanent course to diminishing wealth and popular unrest. One has to ask if the committee itself is fit for purpose?

Anyway in the subject of endangering porn users by setting them up for identity thieves, blackmailers and scammers, the authors write:

Risks and wider impacts. The Impact Assessment (IA) makes only limited reference to risks and wider impacts of the measure. These include the risk that adults and children may be pushed towards the dark web or related systems to avoid AV, where they could be exposed to illegal activities and extreme material that they otherwise would never have come into contact with. The IA also recognises numerous other wider impacts, including privacy/fraud concerns linked to inputting ID data into sites and apps.

Given the potential severity of such risks and wider impacts, the RPC believes that a more thorough consideration of each, and of the potential means to mitigate them, would have been appropriate. The RPC therefore recommends that the Department ensures that it robustly monitors these risks and wider impacts, post-implementation.

 

 

A censorship agenda...

MPs nod through the BBFC internet porn censorship guidelines


Link Here19th December 2018
The House of Commons approved the upcoming internet porn censorship scheme to be implemented by the BBFC from about Easter 2019.

The debate was set for 3 sections to approve each of the 3 documents defining the BBFC censorship guidelines. Each was allotted 90 minutes for a detailed debate on how the BBFC would proceed. However following a Brexit debate the debate was curtailed to a single 90 minute session covering all 3 sections.

It didn't matter much as the debate consisted only of MPs with a feminist agenda saying how the scope of the censorship didn't go far enough. Even the government spokeswoman leading the debate didn't understand why the rules didn't go further in extending sites being censored to social media; and why the range of porn to be banned outright wasn't more extensive.

Hardly a word said was relevant to the topic of examining the BBFC guidelines.  Issues of practicality, privacy, the endangerment of porn viewers from fraud, outing and blackmail are clearly of no interest to MPs.

The MPs duly nodded their approval of the BBFC regime and so it will soon be announced when the censorship will commence.

The age verification service provider was quick to follow up with a press release extolling the virtues of its porn viewing card approach. Several newspapers obliging published articles using it, eg  See  Porn sites 'will all require proof of age from April 2019' -- here's how it'll work from metro.co.uk

 

 

BBFC age verification we don't trust...

The upcoming porn censorship regime has been approved by the Lords


Link Here 14th December 2018

On Tuesday the House of Lords approved the BBFC's scheme to implement internet porn censorship in the UK. Approval will now be sought from the House of Commons.

The debate in the Lords mentioned a few issues in passing but they seemed to be avoiding taking about some of the horrors of the scheme.

The Digital Economy Act defining the law behind the scheme offers no legal requirement for age verification providers to restrict how they can use porn viewers data. Lords mentioned that it is protected under the GDPR rules but these rules still let companies do whatever they like with data, just with the proviso that they ask for consent. But of course the consent is pretty mandatory to sign up for age verification, and some of the biggest internet companies in the world have set the precedent they can explain wide ranging usage of the data claiming it will be used say to improve customer experience.

Even if the lords didn't push very hard, people at the DCMS or BBFC have been considering this deficiency, and have come up with the idea that data use should be voluntarily restricted according to a kite mark scheme. Age verification schemes will have their privacy protections audited by some independent group and if they pass they can display a gold star. Porn viewers are then expected to trust age verification schemes with a gold star. But unfortunately it sounds a little like the sort of process that decided that cladding was safe for high rise blocks of flats.

The lords were much more concerned about the age verification requirements for social media and search engines, notably Twitter and Google Images. Clearly age verification schemes required for checking that users are 13 or 18 will be very different from an 18 only check, and will be technically very different. So the Government explained that these wider issues will be addressed in a new censorship white paper to be published in 2019.

The lords were also a bit perturbed that the definition of banned material wasn't wide enough for their own preferences. Under the current scheme the BBFC will be expected to ban totally any websites with child porn or extreme porn. The lords wondered why this wasn't extended to cartoon porn and beyond R18 porn, presumably thinking of fisting, golden showers and the like. However in reality if the definition of bannable porn was extended, then every major porn website in the word would have to be banned by the BBFC. And anyway the government is changing its censorship rules such that fisting and golden showers are, or will soon be, allowable at R18 anyway.

The debate revealed that the banks and payment providers have already agreed to ban payments to websites banned by the BBFC. The government also confirmed its intention to get the scheme up and running by April. Saying that, it would seem a little unfair for the website's 3 month implementation period to be set running before their age verification options are accredited with their gold stars. Otherwise some websites would waste time and money implementing schemes that may later be declared unacceptable.

Next a motion to approve draft legislation over the UK's age-verification regulations will be debated in the House of Commons. Stephen Winyard, AVSecure s chief marketing officer, told XBIZ:

We are particularly pleased that the prime minister is set to approve the draft guidance for the age-verification law on Monday. From this, the Department for Digital, Culture, Media and Sport will issue the effective start date and that will be around Easter.

But maybe the prime minister has a few more urgent issues on her mind at the moment.

 

 

BBFC: Age Verification We Don't Trust...

The government's age verification scheme which leaves people's sensitive sexual preferences unprotected by law is to be presented for approval by the House of Lords


Link Here 10th December 2018
The following four motions are expected to be debated together in the House of Lords on 11th December 2018:

Online Pornography (Commercial Basis) Regulations 2018

Lord Ashton of Hyde to move that the draft Regulations laid before the House on 10 October be approved. Special attention drawn to the instrument by the Joint Committee on Statutory Instruments, 38th Report, 4th Report from the Secondary Legislation Scrutiny Committee (Sub-Committee B)

Guidance on Age-verification Arrangements

Lord Ashton of Hyde to move that the draft Guidance laid before the House on 25 October be approved. Special attention drawn to the instrument by the Joint Committee on Statutory Instruments, 39th Report, 4th Report from the Secondary Legislation Scrutiny Committee (Sub-Committee B)

Lord Stevenson of Balmacara to move that this House regrets that the draft Online Pornography (Commercial Basis) Regulations 2018 and the draft Guidance on Age-verification Arrangements do not bring into force section 19 of the Digital Economy Act 2017, which would have given the regulator powers to impose a financial penalty on persons who have not complied with their instructions to require that they have in place an age verification system which is fit for purpose and effectively managed so as to ensure that commercial pornographic material online will not normally be accessible by persons under the age of 18.

Guidance on Ancillary Service Providers

Lord Ashton of Hyde to move that the draft Guidance laid before the House on 25 October be approved. Special attention drawn to the instrument by the Joint Committee on Statutory Instruments, 39th Report, 4th Report from the Secondary Legislation Scrutiny Committee (Sub-Committee B)

The DCMS and BBFC age verification scheme has been widely panned as fundamentally the law provides no requirement to actually protect people's identity data that can be coupled with their sexual preferences and sexuality. The scheme only offers voluntary suggestions that age verification services and websites should protect their user's privacy. But one only has to look to Google, Facebook and Cambridge Analytica to see how worthless mere advice is. GDPR is often quoted but that only requires that user consent is obtained. One will have to simply to the consent to the 'improved user experience' tick box to watch the porn, and thereafter the companies can do what the fuck they like with the data.

See criticism of the scheme:

Security expert provides a detailed break down of the privacy and security failures of the age verification scheme

Parliamentary scrutiny committee condemns BBFC Age Verification Guidelines

Parliamentary scrutiny committee condemns as 'defective' a DCMS Statutory Instrument excusing Twitter and Google images from age verification.

 

 

Defective Age Verification Law...

Parliamentary scrutiny committee condemns as 'defective' a DCMS Statutory Instrument excusing Twitter and Google images from age verification. Presumably one of the reasons for the delayed introduction


Link Here 3rd December 2018
There's a joint committee to scrutinise laws passed in parliament via Statutory Instruments. These are laws that are not generally presented to parliament for discussion, and are passed by default unless challenged.

The committee has now taken issue with a DCMS law to excuse the likes of social media and search engines from requiring age verification for any porn images that may get published on the internet. The committee reports from a session on 21st November 2018 that the law was defective and 'makes an unexpected use of the enabling power'. Presumably this means that the DCMS has gone beyond the scope of what can be passed without full parliamentary scrutiny.

Draft S.I.: Reported for defective drafting and for unexpected use of powers Online Pornography (Commercial Basis) Regulations 2018

7.1 The Committee draws the special attention of both Houses to these draft Regulations on the grounds that they are defectively drafted and make an unexpected use of the enabling power.

7.2 Part 3 of the Digital Economy Act 2017 ("the 2017 Act") contains provisions designed to prevent persons under the age of 18 from accessing internet sites which contain pornographic material. An age-verification regulator 1 is given a number of powers to enforce the requirements of Part 3, including the power to impose substantial fines. 2

7.3 Section 14(1) is the key requirement. It provides:

"A person contravenes [Part 3 of the Act] if the person makes pornographic material available on the internet to persons in the United Kingdom on a commercial basis other than in a way that secures that, at any given time, the material is not normally accessible by persons under the age of 18".

7.4 The term "commercial basis" is not defined in the Act itself. Instead, section 14(2) confers a power on the Secretary of State to specify in regulations the circumstances in which, for the purposes of Part 3, pornographic material is or is not to be regarded as made available on a commercial basis. These draft regulations would be made in exercise of that power. Regulation 2 provides:

"(1) Pornographic material is to be regarded as made available on the internet to persons in the United Kingdom on a commercial basis for the purposes of Part 3 of the Digital Economy Act 2017 if either paragraph (2) or (3) are met.

(2) This paragraph applies if access to that pornographic material is available only upon payment.

(3) This paragraph applies (subject to paragraph (4)) if the pornographic material is made available free of charge and the person who makes it available receives (or reasonably expects to receive) a payment, reward or other benefit in connection with making it available on the internet.

(4) Subject to paragraph (5), paragraph (3) does not apply in a case where it is reasonable for the age-verification regulator to assume that pornographic material makes up less than one-third of the content of the material made available on or via the internet site or other means (such as an application program) of accessing the internet by means of which the pornographic material is made available.

(5) Paragraph (4) does not apply if the internet site or other means (such as an application program) of accessing the internet (by means of which the pornographic material is made available) is marketed as an internet site or other means of accessing the internet by means of which pornographic material is made available to persons in the United Kingdom."

7.5 The Committee finds these provisions difficult to understand, whether as a matter of simple English or as legal propositions. Paragraphs (4) and (5) are particularly obscure.

7.6 As far as the Committee can gather from the Explanatory Memorandum, the policy intention is that a person will be regarded as making pornographic material available on the internet on a commercial basis if:

(A) a charge is made for access to the material; OR

(B) the internet site is accessible free of charge, but the person expects to receive a payment or other commercial benefit, for example through advertising carried on the site.

7.7 There is, however, an exception to (B): in cases in which no access charge is made, the person will NOT be regarded as making the pornographic material available on a commercial basis if the material makes up less than one-third of the content on the internet site--even if the person expects to receive a payment or other commercial benefit from the site. But that exception does not apply in a case where the person markets it as a pornographic site, or markets an "app" as a means of accessing pornography on the site.

7.8 As the Committee was doubtful whether regulation 2 as drafted is effective to achieve the intended result, it asked the Department for Digital, Culture, Media and Sport a number of questions. These were designed to elicit information about the regulation's meaning and effect.

7.9 The Committee is disappointed with the Department's memorandum in response, printed at Appendix 7: it fails to address adequately the issues raised by the Committee.

7.10 The Committee's first question asked the Department to explain why paragraph (1) of regulation 2 refers to whether either paragraph (2) or (3) "are met" 3 rather than "applies". The Committee raised this point because paragraphs (2) and (3) each begin with "This paragraph applies if ...". There is therefore a mismatch between paragraph (1) and the subsequent paragraphs, which could make the regulation difficult to interpret. It would be appropriate to conclude paragraph (1) with "is met" only if paragraphs (2) and (3) began with "The condition in this paragraph is met if ...". The Department's memorandum does not explain this discrepancy. The Committee accordingly reports regulation 2(1) for defective drafting.

7.11 The first part of the Committee's second question sought to probe the intended effect of the words in paragraph (4) of regulation 2 italicised above, and how the Department considers that effect is achieved.

7.12 While the Department's memorandum sets out the policy reasons for setting the one-third threshold, it offers little enlightenment on whether paragraph (4) is effective to achieve the policy aims. Nor does it deal properly with the second part of the Committee's question, which sought clarification of the concept of "one-third of ... material ... on ... [a] means .... of accessing the internet ...".

7.13 The Committee is puzzled by the references in regulation 2(4) to the means of accessing the internet. Section 14(2) of the 2017 Act confers a power on the Secretary of State to specify in regulations circumstances in which pornographic material is or is not to be regarded as made available on the internet on a commercial basis. The means by which the material is accessed (for example, via an application program on a smart phone) appears to be irrelevant to the question of whether it is made available on the internet on a commercial basis. The Committee remains baffled by the concept of "one-third of ... material ... on [a] means ... of accessing the internet".

7.14 More generally, regulation 2(4) fails to specify how the one-third threshold is to be measured and what exactly it applies to. Will the regulator be required to measure one-third of the pictures or one-third of the words on a particular internet site or both together? And will a single webpage on the site count towards the total if less than one-third of the page's content is pornographic--for example, a sexually explicit picture occupying 32% of the page, with the remaining 68% made up of an article about fishing? The Committee worries that the lack of clarity in regulation 2(4) may afford the promoter of a pornographic website opportunities to circumvent Part 3 of the 2017 Act.

7.15 The Committee is particularly concerned that a promoter may make pornographic material available on one or more internet sites containing multiple pages, more than two-thirds of which are non-pornographic. For every 10 pages of pornography, there could be 21 pages about (for example) gardening or football. Provided the sites are not actively marketed as pornographic, they would not be regarded as made available on a commercial basis. This means that Part 3 of the Act would not apply, and the promoter would be free to make profits through advertising carried on the sites, while taking no steps at all to ensure that they were inaccessible to persons under 18.

7.16 The Committee anticipates that the shortcomings described above are likely to cause significant difficulty in the application and interpretation of regulation 2(4). The Committee also doubts whether Parliament contemplated, when enacting Part 3 of the 2017 Act, that the power conferred by section 14(2) would be exercised in the way provided for in regulation 2(4). The Committee therefore reports regulation 2(4) for defective drafting and on the ground that it appears to make an unexpected use of the enabling power.

 

 

Offsite Article: Online porn filters will never work...


Link Here 26th November 2018
Beyond the massive technical challenge, filters are a lazy alternative to effective sex education. By Lux Alptraum

See article from theverge.com

 

 

UK adult businesses to be crucified from Easter 2019...

DCMS minister Margot James informs parliamentary committee of the schedule for the age verification internet porn censorship regime


Link Here15th November 2018
Age Verification and adult internet censorship was discussed by the Commons Science and Technology Committee on 13th November 2018.

Carol Monaghan Committee Member: The Digital Economy Act made it compulsory for commercial pornography sites to undertake age verification, but implementation has been subject to ongoing delays. When do we expect it to go live?

Margot James MP, Minister for Digital and the Creative Industries: We can expect it to be in force by Easter next year. I make that timetable in the knowledge that we have laid the necessary secondary legislation before Parliament. I am hopeful of getting a slot to debate it before Christmas, before the end of the year. We have always said that we will permit the industry three months to get up to speed with the practicalities and delivering the age verification that it will be required to deliver by law. We have also had to set up the regulator--well, not to set it up, but to establish with the British Board of Film Classification , which has been the regulator, exactly how it will work. It has had to consult on the methods of age verification, so it has taken longer than I would have liked, but I would balance that with a confidence that we have got it right.

Carol Monaghan: Are you confident that the commercial pornography companies are going to engage fully and will implement the law as you hope?

Margot James: I am certainly confident on the majority of large commercial pornography websites and platforms being compliant with the law. They have engaged well with the BBFC and the Department , and want to be on the right side of the law. I have confidence, but I am wary of being 100% confident, because there are always smaller and more underground platforms and sites that will seek ways around the law. At least, that is usually the case. We will be on the lookout for that, and so will the BBFC. But the vast majority of organisations have indicated that they are keen to comply with the legislation.

Carol Monaghan: One concern that we all have is that children can stumble across pornography. We know that on social media platforms, where children are often active, up to a third of their content can be pornographic, but they fall outside the age verification regulation because it is only a third and not the majority. Is that likely to undermine the law? Ultimately the law, as it stands, is there to safeguard our children.

Margot James: I acknowledge that that is a weakness in the legislative solution. I do not think that for many mainstream social media platforms as much of a third of their content is pornographic, but it is well known that certain social media platforms that many people use regularly have pornography freely available. We have decided to start with the commercial operations while we bring in the age verification techniques that have not been widely used to date. But we will keep a watching brief on how effective those age verification procedures turn out to be with commercial providers and will keep a close eye on how social media platforms develop in terms of the extent of pornographic material, particularly if they are platforms that appeal to children--not all are. You point to a legitimate weakness, on which we have a close eye.

 

 

Fireworks in the House...

The Lords discuss when age verification internet censorship will start


Link Here 13th November 2018

Pornographic Websites: Age Verification - Question

House of Lords on 5th November 2018 .

Baroness Benjamin Liberal Democrat

To ask Her Majesty 's Government what will be the commencement date for their plans to ensure that age-verification to prevent children accessing pornographic websites is implemented by the British Board of Film Classification .

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

My Lords, we are now in the final stages of the process, and we have laid the BBFC 's draft guidance and the Online Pornography (Commercial Basis) Regulations before Parliament for approval. We will ensure that there is a sufficient period following parliamentary approval for the public and the industry to prepare for age verification. Once parliamentary proceedings have concluded, we will set a date by which commercial pornography websites will need to be compliant, following an implementation window. We expect that this date will be early in the new year.

Baroness Benjamin

I thank the Minister for his Answer. I cannot wait for that date to happen, but does he share my disgust and horror that social media companies such as Twitter state that their minimum age for membership is 13 yet make no attempt to restrict some of the most gross forms of pornography being exchanged via their platforms? Unfortunately, the Digital Economy Act does not affect these companies because they are not predominantly commercial porn publishers. Does he agree that the BBFC needs to develop mechanisms to evaluate the effectiveness of the legislation for restricting children's access to pornography via social media sites and put a stop to this unacceptable behaviour?

Lord Ashton of Hyde

My Lords, I agree that there are areas of concern on social media sites. As the noble Baroness rightly says, they are not covered by the Digital Economy Act . We had many hours of discussion about that in this House. However, she will be aware that we are producing an online harms White Paper in the winter in which some of these issues will be considered. If necessary, legislation will be brought forward to address these, and not only these but other harms too. I agree that the BBFC should find out about the effectiveness of the limited amount that age verification can do; it will commission research on that. Also, the Digital Economy Act itself made sure that the Secretary of State must review its effectiveness within 12 to 18 months.

Lord Griffiths of Burry Port Opposition Whip (Lords), Shadow Spokesperson (Digital, Culture, Media and Sport), Shadow Spokesperson (Wales)

My Lords, once again I find this issue raising a dynamic that we became familiar with in the only too recent past. The Government are to be congratulated on getting the Act on to the statute book and, indeed, on taking measures to identify a regulator as well as to indicate that secondary legislation will be brought forward to implement a number of the provisions of the Act. My worry is that, under one section of the Digital Economy Act , financial penalties can be imposed on those who infringe this need; the Government seem to have decided not to bring that provision into force at this time. I believe I can anticipate the Minister 's answer but--in view of the little drama we had last week over fixed-odds betting machines--we would not want the Government, having won our applause in this way, to slip back into putting things off or modifying things away from the position that we had all agreed we wanted.

Lord Ashton of Hyde

My Lords, I completely understand where the noble Lord is coming from but what he said is not quite right. The Digital Economy Act included a power that the Government could bring enforcement with financial penalties through a regulator. However, they decided--and this House decided--not to use that for the time being. For the moment, the regulator will act in a different way. But later on, if necessary, the Secretary of State could exercise that power. On timing and FOBTs, we thought carefully--as noble Lords can imagine--before we said that we expect the date will be early in the new year,

Lord Addington Liberal Democrat

My Lords, does the Minister agree that good health and sex education might be a way to counter some of the damaging effects? Can the Government make sure that is in place as soon as possible, so that this strange fantasy world is made slightly more real?

Lord Ashton of Hyde

The noble Lord is of course right that age verification itself is not the only answer. It does not cover every possibility of getting on to a pornography site. However, it is the first attempt of its kind in the world, which is why not only we but many other countries are looking at it. I agree that sex education in schools is very important and I believe it is being brought into the national curriculum already.

The Earl of Erroll Crossbench

Why is there so much wriggle room in section 6 of the guidance from the DCMS to the AV regulator? The ISP blocking probably will not work, because everyone will just get out of it. If we bring this into disrepute then the good guys, who would like to comply, probably will not; they will not be able to do so economically. All that was covered in British Standard PAS 1296, which was developed over three years. It seems to have been totally ignored by the DCMS. You have spent an awful lot of time getting there, but you have not got there.

Lord Ashton of Hyde

One of the reasons this has taken so long is that it is complicated. We in the DCMS , and many others, not least in this House, have spent a long time discussing the best way of achieving this. I am not immediately familiar with exactly what section 6 says, but when the statutory instrument comes before this House--it is an affirmative one to be discussed--I will have the answer ready for the noble Earl.

Lord West of Spithead Labour

My Lords, does the Minister not agree that the possession of a biometric card by the population would make the implementation of things such as this very much easier?

Lord Ashton of Hyde

In some ways it would, but there are problems with people who either do not want to or cannot have biometric cards.

 

 

BBFC: Age verification we don't trust...

Analysis of BBFC's Post-Consultation Guidance by the Open Rights Group


Link Here 8th November 2018
Following the conclusion of their consultation period, the BBFC have issued new age verification guidance that has been laid before Parliament. It is unclear why, if the government now recognises that privacy protections like this are needed, the government would also leave the requirements as voluntary.

Summary

The new code has some important improvements, notably the introduction of a voluntary scheme for privacy, close to or based on a GDPR Code of Conduct. This is a good idea, but should not be put in place as a voluntary arrangement. Companies may not want the attention of a regulator, or may simply wish to apply lower or different standards, and ignore it. It is unclear why, if the government now recognises that privacy protections like this are needed, the government would also leave the requirements as voluntary.

We are also concerned that the voluntary scheme may not be up and running before the AV requirement is put in place. Given that 25 million UK adults are expected to sign up to these products within a few months of its launch, this would be very unhelpful.

Parliament should now:

  • Ask the government why the privacy scheme is to be voluntary, if the risks of relying on general data protection law are now recognised;
  • Ask for assurance from BBFC that the voluntary scheme will cover the all of the major operators; and
  • Ask for assurance from BBFC and DCMS that the voluntary privacy scheme will be up and running before obliging operators to put Age Verification measures in place.

The draft code can be found here .

Lack of Enforceability of Guidance

The Digital Economy Act does not allow the BBFC to judge age verification tools by any standard other than whether or not they sufficiently verify age. We asked that the BBFC persuade the DCMS that statutory requirements for privacy and security were required for age verification tools.

The BBFC have clearly acknowledged privacy and security concerns with age verification in their response. However, the BBFC indicate in their response that they have been working with the ICO and DCMS to create a voluntary certification scheme for age verification providers:

"This voluntary certification scheme will mean that age-verification providers may choose to be independently audited by a third party and then certified by the Age-verification Regulator. The third party's audit will include an assessment of an age-verification solution's compliance with strict privacy and data security requirements."

The lack of a requirement for additional and specific privacy regulation in the Digital Economy Act is the cause for this voluntary approach.

While a voluntary scheme above is likely to be of some assistance in promoting better standards among age verification providers, the "strict privacy and data security requirements" which the voluntary scheme mentions are not a statutory requirement, leaving some consumers at greater risk than others.

Sensitive Personal Data

The data handled by age verification systems is sensitive personal data. Age verification services must directly identify users in order to accurately verify age. Users will be viewing pornographic content, and the data about what specific content a user views is highly personal and sensitive. This has potentially disastrous consequences for individuals and families if the data is lost, leaked, or stolen.

Following a hack affecting Ashley Madison -- a dating website for extramarital affairs -- a number of the site's users were driven to suicide as a result of the public exposure of their sexual activities and interests.

For the purposes of GDPR, data handled by age verification systems falls under the criteria for sensitive personal data, as it amounts to "data concerning a natural person's sex life or sexual orientation".

Scheduling Concerns

It is of critical importance that any accreditation scheme for age verification providers, or GDPR code of conduct if one is established, is in place and functional before enforcement of the age verification provisions in the Digital Economy Act commences. All of the major providers who are expected to dominate the age verification market should undergo their audit under the scheme before consumers will be expected to use the tool. This is especially true when considering the fact that MindGeek have indicated their expectation that 20-25 million UK adults will sign up to their tool within the first few months of operation. A voluntary accreditation scheme that begins enforcement after all these people have already signed up would be unhelpful.

Consumers should be empowered to make informed decisions about the age verification tools that they choose from the very first day of enforcement. No delays are acceptable if users are expected to rely upon the scheme to inform themselves about the safety of their data. If this cannot be achieved prior to the start of expected enforcement of the DE Act's provisions, then the planned date for enforcement should be moved back to allow for the accreditation to be completed.

Issues with Lack of Consumer Choice

It is of vital importance that consumers, if they must verify their age, are given a choice of age verification providers when visiting a site. This enables users to choose which provider they trust with their highly sensitive age verification data and prevents one actor from dominating the market and thereby promoting detrimental practices with data. The BBFC also acknowledge the importance of this in their guidance, noting in 3.8:

"Although not a requirement under section 14(1) the BBFC recommends that online commercial pornography services offer a choice of age-verification methods for the end-user".

This does not go far enough to acknowledge the potential issues that may arise in a fragmented market where pornographic sites are free to offer only a single tool if they desire.

Without a statutory requirement for sites to offer all appropriate and available tools for age verification and log in purposes, it is likely that a market will be established in which one or two tools dominate. Smaller sites will then be forced to adopt these dominant tools as well, to avoid friction with consumers who would otherwise be required to sign up to a new provider.

This kind of market for age verification tools will provide little room for a smaller provider with a greater commitment to privacy or security to survive and robs users of the ability to choose who they trust with their data.

We already called for it to be made a statutory requirement that pornographic sites must offer a choice of providers to consumers who must age verify, however this suggestion has not been taken up.

We note that the BBFC has been working with the ICO and DCMS to produce a voluntary code of conduct. Perhaps a potential alternative solution would be to ensure that a site is only considered compliant if it offers users a number of tools which has been accredited under the additional privacy and security requirements of the voluntary scheme.

GDPR Codes of Conduct

A GDPR "Code of Conduct" is a mechanism for providing guidelines to organisations who process data in particular ways, and allows them to demonstrate compliance with the requirements of the GDPR.

A code of conduct is voluntary, but compliance is continually monitored by an appropriate body who are accredited by a supervisory authority. In this case, the "accredited body" would likely be the BBFC, and the "supervisory authority" would be the ICO. The code of conduct allows for certifications, seals and marks which indicate clearly to consumers that a service or product complies with the code.

Codes of conduct are expected to provide more specific guidance on exactly how data may be processed or stored. In the case of age verification data, the code could contain stipulations on:

  • Appropriate pseudonymisation of stored data;
  • Data and metadata retention periods;
  • Data minimisation recommendations;
  • Appropriate security measures for data storage;
  • Security breach notification procedures;
  • Re-use of data for other purposes.

The BBFC's proposed "voluntary standard" regime appears to be similar to a GDPR code of conduct, though it remains to be seen how specific the stipulations in the BBFC's standard are. A code of conduct would also involve being entered into the ICO's public register of UK approved codes of conduct, and the EPDB's public register for all codes of conduct in the EU.

Similarly, GDPR Recital 99 notes that "relevant stakeholders, including data subjects" should be consulted during the drafting period of a code of conduct - a requirement which is not in place for the BBFC's voluntary scheme.

It is possible that the BBFC have opted to create this voluntary scheme for age verification providers rather than use a code of conduct, because they felt they may not meet the GDPR requirements to be considered as an appropriate body to monitor compliance. Compliance must be monitored by a body who has demonstrated:

  • Their expertise in relation to the subject-matter;
  • They have established procedures to assess the ability of data processors to apply the code of conduct;
  • They have the ability to deal with complaints about infringements; and
  • Their tasks do not amount to a conflict of interest.
Parties Involved in the Code of Conduct Process

As noted by GDPR Recital 99, a consultation should be a public process which involves stakeholders and data subjects, and their responses should be taken into account during the drafting period:

"When drawing up a code of conduct, or when amending or extending such a code, associations and other bodies representing categories of controllers or processors should consult relevant stakeholders, including data subjects where feasible , and have regard to submissions received and views expressed in response to such consultations."

The code of conduct must be approved by a relevant supervisory authority (in this case the ICO).

An accredited body (BBFC) that establishes a code of conduct and monitors compliance is able to establish their own structures and procedures under GDPR Article 41 to handle complaints regarding infringements of the code, or regarding the way it has been implemented. BBFC would be liable for failures to regulate the code properly under Article 41(4), [1] however DCMS appear to have accepted the principle that the government would need to protect BBFC from such liabilities. [2]

GDPR Codes of Conduct and Risk Management

Below is a table of risks created by age verification which we identified during the consultation process. For each risk, we have considered whether a GDPR code of conduct may help to mitigate the effects of it.

Risk CoC Appropriate? Details
User identity may be correlated with viewed content. Partially This risk can never be entirely mitigated if AV is to go ahead, but a CoC could contain very strict restrictions on what identifying data could be stored after a successful age verification.
Identity may be associated to an IP address, location or device. No It would be very difficult for a CoC to mitigate this risk as the only safe mitigation would be not to collect user identity information.
An age verification provider could track users across all the websites it's tool is offered on. Yes Strict rules could be put in place about what data an age verification provider may store, and what data it is forbidden from storing.
Users may be incentivised to consent to further processing of their data in exchange for rewards (content, discounts etc.) Yes Age verification tools could be expressly forbidden from offering anything in exchange for user consent.
Leaked data creates major risks for identified individuals and cannot be revoked or adequately compensated for. Partially A CoC can never fully mitigate this risk if any data is being collected, but it could contain strict prohibitions on storing certain information and specify retention periods after which data must be destroyed, which may mitigate the impacts of a data breach.
Risks to the user of access via shared computers if viewing history is stored alongside age verification data. Yes A CoC could specify that any accounts for pornographic websites which may track viewed content must be strictly separate and not in any visible way linked to a user's age verification account or data that confirms their identity.
Age verification systems are likely to trade off convenience for security. (No 2FA, auto-login, etc.) Yes A CoC could stipulate that login cookies that "remember" a returning user must only persist for a short time period, and should recommend or enforce two-factor authentication.
The need to re-login to age verification services to access pornography in "private browsing" mode may lead people to avoid using this feature and generate much more data which is then stored. No A CoC cannot fix this issue. Private browsing by nature will not store any login cookies or other objects and will require the user to re-authenticate with age verification providers every time they wish to view adult content.
Users may turn to alternative tools to avoid age verification, which carry their own security risks. (Especially "free" VPN services or peer-to-peer networks). No Many UK adults, although over 18, will be uncomfortable with the need to submit identity documents to verify their age and will seek alternative means to access content. It is unlikely that many of these individuals will be persuaded by an accreditation under a GDPR code.
Age verification login details may be traded and shared among teenagers or younger children, which could lead to bullying or "outing" if such details are linked to viewed content. Yes Strict rules could be put in place about what data an age verification provider may store, and what data it is forbidden from storing.
Child abusers could use their access to age verified content as an adult as leverage to create and exploit relationships with children and teenagers seeking access to such content (grooming). No This risk will exist as long as age verification is providing a successful barrier to accessing such content for under-18s who wish to do so.
The sensitivity of content dealt with by age verification services means that users who fall victim to phishing scams or fraud have a lower propensity to report it to the relevant authorities. Partially A CoC or education campaign may help consumers identify trustworthy services, but it can not fix the core issue, which is that users are being socialised into it being "normal" to input their identity details into websites in exchange for pornography. Phishing scams resulting from age verification will appear and will be common, and the sensitivity of the content involved is a disincentive to reporting it.
The use of credit cards as an age verification mechanism creates an opportunity for fraudulent sites to engage in credit card theft. No Phishing and fraud will be common. A code of conduct which lists compliant sites and tools externally on the ICO website may be useful, but a phishing site may simply pretend to be another (compliant) tool, or rely on the fact that users are unlikely to check with the ICO every time they wish to view pornographic content.
The rush to get age verification tools to market means they may take significant shortcuts when it comes to privacy and security. Yes A CoC could assist in solving this issue if tools are given time to be assessed for compliance before the age verification regime commences .
A single age verification provider may come to dominate the market, leaving users little choice but to accept whatever terms the provider offers. Partially Practically, a CoC could mitigate some of the effects of an age verification tool monopoly if the dominant tool is accredited under the Code. However, this relies on users being empowered to demand compliance with a CoC, and it is possible that users will instead be left with a "take it or leave it" situation where the dominant tool is not CoC accredited.
Allowing pornography "monopolies" such as MindGeek to operate age verification tools is a conflict of interest. Partially As the BBFC note in their consultation response, it would not be reasonable to prohibit a pornographic content provider from running an age verification service as it would prevent any site from running their own tool. However, under a CoC it is possible that a degree of separation could be enforced that requires an age verification tools to adhere to strict rules about the use of data, which could mitigate the effects of a large pornographic content provider attempting to collect as much user data as possible for their own business purposes.
 

[1] "Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: the obligations of the monitoring body pursuant to Article 41(4)."

[2] "contingent liability will provide indemnity to the British Board of Film Classification (BBFC) against legal proceedings brought against the BBFC in its role as the age verification regulator for online pornography."

 

 

Offsite Article: Millions of porn videos will not be blocked by UK online age checks...


Link Here21st October 2018
The government makes changes such that image hosting sites, not identifying as porn sites, do not need age verification for porn images they carry

See article from theguardian.com

 

 

Not taking censorship lying down...

MoneySupermarket survey finds that 25% of customers will take action if their porn is blocked


Link Here 16th October 2018
In a survey more about net neutrality than porn censorship, MoneySupermarket noted:

We conducted a survey of over 2,000 Brits on this and it seems that if an ISP decided to block sites, it could result in increasing numbers of Brits switching - 64 per cent of Brits would be likely to switch ISP if they put blocks in place

In reality, this means millions could be considering a switch as nearly six million having tried to access a site that was blocked in the last week - nearly one in 10 across the country.

It's an issue even more pertinent for those aged 18 to 34, with nearly half (45 per cent) having tried to access a site that was blocked at some point.

While ISPs might block sites for various reasons, a quarter of Brits said they would switch ISP if they were blocked from viewing adult sites - with those living with partners the most likely to do so!

Now switching ISPs isn't going to help much if the BBFC, the government appointed porn censor, has dictated that all ISPs block porn sites. But maybe these 25% of internet users will take up alternatives such as subscribing to a VPN service.

 

 

Paying for unsafe legislation...

The Government picks up the tab for legal liabilities arising from the BBFC being sued over age verification issues


Link Here 12th October 2018
As far as I can see if a porn website verifies your age with personal data, it will probably also require you tick tick a consent box with a hol load of small print that nobody ever reads. Now if that small print lets it forward all personal data, coupled with porn viewing data, to the Kremlin's dirty tricks and blackmail department then that's ok with the the Government's age verification law. So for sure some porn viewers are going to get burnt because of what the government has legislated and because of what the BBFC have implemented.

So perhaps it is not surprising that the BBFC has asked the government to pick up the tab should the BBFC be sued by people harmed by their decisions. After all it was the government who set up the unsafe environment, not the BBFC.

Margot James The Minister of State, Department for Culture, Media and Sport announced in Parliament:

I am today laying a Departmental Minute to advise that the Department for Digital, Culture, Media and Sport (DCMS) has received approval from Her Majesty's Treasury (HMT) to recognise a new Contingent Liability which will come into effect when age verification powers under Part 3 of the Digital Economy Act 2017 enter force.

The contingent liability will provide indemnity to the British Board of Film Classification (BBFC) against legal proceedings brought against the BBFC in its role as the age verification regulator for online pornography.

As you know, the Digital Economy Act introduces the requirement for commercial providers of online pornography to have robust age verification controls to protect children and young people under 18 from exposure to online pornography. As the designated age verification regulator, the BBFC will have extensive powers to take enforcement action against non-compliant sites. The BBFC can issue civil proceedings, give notice to payment-service providers or ancillary service providers, or direct internet service providers to block access to websites where a provider of online pornography remains non-compliant.

The BBFC expects a high level of voluntary compliance by providers of online pornography. To encourage compliance, the BBFC has engaged with industry, charities and undertaken a public consultation on its regulatory approach. Furthermore, the BBFC will ensure that it takes a proportionate approach to enforcement and will maintain arrangements for an appeals process to be overseen by an independent appeals body. This will help reduce the risk of potential legal action against the BBFC.

However, despite the effective work with industry, charities and the public to promote and encourage compliance, this is a new law and there nevertheless remains a risk that the BBFC will be exposed to legal challenge on the basis of decisions taken as the age verification regulator or on grounds of principle from those opposed to the policy.

As this is a new policy, it is not possible to quantify accurately the value of such risks. The Government estimates a realistic risk range to be between 2£1m - 2£10m in the first year, based on likely number and scale of legal challenges. The BBFC investigated options to procure commercial insurance but failed to do so given difficulties in accurately determining the size of potential risks. The Government therefore will ensure that the BBFC is protected against any legal action brought against the BBFC as a result of carrying out duties as the age verification regulator.

The Contingent Liability is required to be in place for the duration of the period the BBFC remain the age verification regulator. However, we expect the likelihood of the Contingent Liability being called upon to diminish over time as the regime settles in and relevant industries become accustomed to it. If the liability is called upon, provision for any payment will be sought through the normal Supply procedure.

It is usual to allow a period of 14 Sitting Days prior to accepting a Contingent Liability, to provide Members of Parliament an opportunity to raise any objections.

 

 

Preventing children and non human operators from being able to access porn...

BBFC publishes its sometimes bizarre Guidance on Age-verification Arrangement


Link Here11th October 2018

The BBFC has published its Age Verification Guidance document that will underipin the implementation of internet porn censorship in the UK.

Perhaps a key section is:

5. The criteria against which the BBFC will assess that an age-verification arrangement meets the requirement under section 14(1) to secure that pornographic material is not normally accessible by those under 18 are set out below:

a. an effective control mechanism at the point of registration or access to pornographic content by the end-user which verifies that the user is aged 18 or over at the point of registration or access

b use of age-verification data that cannot be reasonably known by another person, without theft or fraudulent use of data or identification documents nor readily obtained or predicted by another person

c. a requirement that either a user age-verify each visit or access is restricted by controls, manual or electronic, such as, but not limited to, password or personal identification numbers. A consumer must be logged out by default unless they positively opt-in for their log in information to be remembered

d. the inclusion of measures which authenticate age-verification data and measures which are effective at preventing use by non-human operators including algorithms

It is fascinating as to why the BBFC feels that bots need to be banned, perhaps they need to be 18 years old too, before they can access porn. I am not sure if porn sites will appreciate Goggle-bot being banned from their sites. I love the idea that the word 'algorithms' has been elevated to some sort of living entity.

It all smacks of being written by people who don't know what they are talking about.

In a quick read I thought the following paragraph was important:

9. In the interests of data minimisation and data protection, the BBFC does not require that age-verification arrangements maintain data for the purposes of providing an audit trail in order to meet the requirements of the act.

It rather suggests that the BBFC pragmatically accept that convenience and buy-in from porn-users is more important than making life dangerous for everybody, just n case a few teenagers get hold of an access code.

 

 

The new UK porn censor lays out its stall...

The BBFC launches a new website


Link Here 11th October 2018
There's loads of new information today about the upcoming internet porn censorship regime to be coordinated by the BBFC.

The BBFC has launched a new website, ageverificationregulator.com , perhaps to distance itself a bit from its film censorship work.

The BBFC has made a few changes to its approach since the rather ropey document published prior to the BBFC's public consultation. In general the BBFC seems a little more pragmatic about trying to get adult porn users to buy into the age verification way of thinking. The BBFC seems supportive of the anonymously bought porn access card from the local store, and has taken a strong stance against age verification providers who reprehensibly want to record people's porn browsing, claiming a need to provide an audit trail.

The BBFC has also decided to offer a service to certify age verification providers in the way that they protect people's data. This is again probably targeted at making adult porn users a bit more confident in handing over ID.

The BBFC tone is a little bit more acknowledging of people's privacy concerns, but it's the government's law being implemented by the BBFC, that allows the recipients of the data to use it more or less how they like. Once you tick the 'take it or leave it' consent box allowing the AV provider 'to make your user experience better' then they can do what they like with your data (although GDPR does kindly let you later withdraw that consent and see what they have got on you).

Another theme that runs through the site is a rather ironic acceptance that, for all the devastation that will befall the UK porn industry, for all the lives ruined by people having their porn viewing outed, for all the lives ruined by fraud and identity theft, that somehow the regime is only about stopping young children 'stumbling on porn'... because the older, more determined, children will still know how to find it anyway.

So the BBFC has laid out its stall, and its a little more conciliatory to porn users, but I for one will never hand over any ID data to anyone connected with a servicing porn websites. I suspect that many others will feel the same. If you can't trust the biggest companies in the business with your data, what hope is there for anyone else.

There's no word yet on when all this will come into force, but the schedule seems to be 3 months after the BBFC scheme has been approved by Parliament. This approval seems scheduled to be debated in Parliament in early November, eg on 5th November there will be a House of Lords session:

Implementation by the British Board of Film Classification of age-verifications to prevent children accessing pornographic websites 203 Baroness Benjamin Oral questions

So the earliest it could come into force is about mid February.

 

 

A significant number of responses raised concerns about the introduction of age-verification...

BBFC publishes its summary of the consultation repsonses


Link Here11th October 2018

BBFC Executive Summary

The British Board of Film Classification was designated as the age-verification regulator under Part 3 of the Digital Economy Act on 21 February 2018. The BBFC launched its consultation on the draft Guidance on Age-verification Arrangements and draft Guidance on Ancillary Service Providers on 26 March 2018. The consultation was available on the BBFC's website and asked for comments on the technical aspects on how the BBFC intends to approach its role and functions as the age-verification regulator. The consultation ran for 4 weeks and closed on 23 April 2018, although late submissions were accepted until 8 May 2018.

There were a total of 624 responses to the consultation. The vast majority of those (584) were submitted by individuals, with 40 submitted by organisations. 623 responses were received via email, and one was received by post. Where express consent has been given for their publication, the BBFC has published responses in a separate document. Response summaries from key stakeholders are in part 4 of this document.

Responses from stakeholders such as children's charities, age-verification providers and internet service providers were broadly supportive of the BBFC's approach and age-verification standards. Some responses from these groups asked for clarification to some points. The BBFC has made a number of amendments to the guidance as a result. These are outlined in chapter 2 of this document. Responses to questions raised are covered in chapter 3 of this document.

A significant number of responses, particularly from individuals and campaign groups, raised concerns about the introduction of age-verification, and set out objections to the legislation and regulatory regime in principle. Issues included infringement of freedom of expression, censorship, problematic enforcement powers and an unmanageable scale of operation. The government's consultation on age-verification in 2016 addressed many of these issues of principle. More information about why age-verification has been introduced, and the considerations given to the regulatory framework and enforcement powers can be found in the 2016 consultation response by the Department for Digital Culture Media and Sport1.

 

 

Campaign: ResistAV...

Pandora Blake and Myles Jack launch a new campaigning website to raise funds for a challenge to the government's upcoming internet porn censorship regime


Link Here11th September 2018

Niche porn producer, Pandora Blake, Misha Mayfair, campaigning lawyer Myles Jackman and Backlash are campaigning to back a legal challenge to the upcoming internet porn censorship regime in the UK. They write on a new ResistAV.com website:

We are mounting a legal challenge.

Do you lock your door when you watch porn 203 or do you publish a notice in the paper? The new UK age verification law means you may soon have to upload a proof of age to visit adult sites. This would connect your legal identity to a database of all your adult browsing. Join us to prevent the damage to your privacy.

The UK Government is bringing in age verification for adults who want to view adult content online; yet have failed to provide privacy and security obligations to ensure your private information is securely protected.

The law does not currently limit age verification software to only hold data provided by you just in order to verify your age. Hence, other identifying data about you could include anything from your passport information to your credit card details, up to your full search history information. This is highly sensitive data.

What are the Privacy Risks?

Data Misuse - Since age verification providers are legally permitted to collect this information, what is to stop them from increasing revenue through targeting advertising at you, or even selling your personal data?

Data Breaches - No database is perfectly secure, despite good intentions. The leaking or hacking of your sensitive personal information could be truly devastating. The Ashley Madison hack led to suicides. Don't let the Government allow your private sexual preferences be leaked into the public domain.

What are we asking money for?

We're asking you to help us crowdfund legal fees so we can challenge the new age verification rules under the Digital Economy Act 2017. We re asking for 2£10,000 to cover the cost of initial legal advice, since it's a complicated area of law. Ultimately, we'd like to raise even more money, so we can send a message to Government that your personal privacy is of paramount importance.

 

 

PortesCard...

Pornhub partners with anonymous system based on retailers verifying ages without recording ID


Link Here8th September 2018
Pornhub's Age verification system AgeID has announced an exclusive partnership with OCL and its Portes solution for providing anonymous face-to-face age verification solution where retailers OK the age of customers who buy a card enabling porn access. The similar AVSecure scheme allows over 25s to buy the access card without showing any ID but may require to see unrecorded ID from those appearing less than 25.

According to the company, the PortesCard is available to purchase from selected high street retailers and any of the U.K.'s 29,000 PayPoint outlets as a voucher. Each PortesCard will cost £4.99 for use on a single device, or £8.99 for use across multiple devices. This compares with £10 for the AVSecure card.

Once a card or voucher is purchased, its unique validation code must be activated via the Portes app within 24 hours before expiring. Once the user has been verified they will automatically be granted access to all adult sites using AgeID. Maybe this 24 hour limit is something to do with an attempt to restrict secondary sales of porn access codes by ensuring that they get tied to devices almost immediately. It all sounds a little hasslesome.

As an additional layer of protection, parents can quickly and simply block access on their children's devices to sites using Portes, so PortesCards cannot be associated with AgeID.

But note that an anonymously bought card is not quite a 100% safe solution. One has to consider whether if the authorities get hold of a device whether the can then see a complete history of all websites accessed using the app or access code. One also has to consider whether someone can remotely correlate an 'anonymous' access code with all the tracking cookies holding one's id.

 

 

Offsite Article: Time Magazine reports on the current status...


Link Here 22nd August 2018
The U.K. Is About To Censor Online Porn, and Free Speech Advocates Are Alarmed

See article from time.com

 

 

Howe gets animated by anime...

Elspeth Howe reveals more of the internal government debate that is delaying the BBFC internet porn censorship guidelines


Link Here 8th August 2018
Elspeth Howe, a member of the House of Lords, has written an article in the Telegraph outlining her case that the remit for the BBFC to censor internet porn sites should be widened to include a wider range of material that she does not like.

This seems to tally with other recent news that the CPS is reconsidering its views on what pornographic content should be banned from publication in Britain.

Surely these debates are related to the detailed guidelines to be used by the BBFC when either banning porn sites, or else requiring them to implement strict age verification for users. It probably explains why the Telegraph recently reported that the publication of the final guidelines has been delayed until at least the autumn.


Categories of Porn

For clarity the categories of porn being discussed are as follows:
 

  Current   Proposed
offline online   offline online
Softcore 18 BBFC uncutBBFC uncut BBFC uncutBBFC uncut
Hardcore R18  BBFC uncut BBFC uncutBBFC uncut BBFC uncut
Beyond R18
(proposal by CPS)
bannedBBFC uncut BBFC uncutBBFC uncut
Cartoon child porn
(proposal by Howe))
banned BBFC uncutbanned banned
Extreme porn bannedbanned bannedbanned
Child porn banned bannedbanned banned
  • Softcore porn rated 18 under BBFC guidelines

    - Will be allowed subject to strict age verification
     
  • Vanilla hardcore porn rated R18 under current BBFC guidelines

    - Will be allowed subject to strict age verification
     
  • Beyond R18 hardcore porn that includes material historically banned by the CPS claiming obscenity, ie fisting, golden showers, BDSM, female ejaculation, and famously from a recent anti censorship campaign, face sitting/breath play. Such material is currently cut from R18s.

    - Such content will be allowed under the current Digital Economy Act for online porn sites
    - This category is currently banned for offline sales in the UK, but the CPS has just opened a public consultation on its proposal to legalise such content, as long as it is consensual. Presumably this is related to the government's overarching policy: What's illegal offline, is illegal online.
     
  • Extreme Porn as banned from possession in the UK under the Dangerous Pictures Act. This content covers, bestiality, necrophilia, realistic violence likely to result in serious injury, realistic rape

    - This content is illegal to possess in the UK and any websites with such content will be banned by the BBFC regardless of age verification implementation
     
  • Cartoon Porn depicting under 18s

    - This content is banned from possession in the UK but will be allowed online subject to age verification requirements
     
  • Photographic child porn

    This is already totally illegal in the UK on all media. Any foreign websites featuring such content are probably already being blocked by ISPs using lists maintained by the IWF. The BBFC will ban anything it spots that may have slipped through the net.


'What's illegal offline, is illegal online'

Elspeth Howe writes:

I very much welcome part three of the Digital Economy Act 2017 which requires robust age verification checks to protect children from accessing pornography. The Government deserves congratulations for bringing forward this seminal provision, due to come into effect later this year.

The Government's achievement, however, has been sadly undermined by amendments that it introduced in the House of Lords, about which there has been precious little public debate. I very much hope that polling that I am placing in the public domain today will facilitate a rethink.

When the Digital Economy Bill was introduced in the Lords, it proposed that legal pornography should be placed behind robust age verification checks. Not surprisingly, no accommodation for either adults or children was made for illegal pornography, which encompasses violent pornography and child sex abuse images.

As the Bill passed through the Lords, however, pressure was put on the Government to allow adults to access violent pornography, after going through age-verification checks, which in other contexts it would be illegal to supply. In the end the Government bowed to this pressure and introduced amendments so that only one category of illegal pornography will not be accessible by adults.

[When  Howe mentions violent pornography she is talking about the Beyond R18 category, not the Extreme Porn category, which will be the one category mentioned that will not be accessible to adults].

The trouble with the idea of banning Beyond R18 pornography is that Britain is out of step with the rest of the world. This category includes content that is ubiquitous in most of the major porn websites in the world. Banning so much content would be simply be impractical. So rather than banning all foreign porn, the government opted to remove the prohibition of Beyond R18 porn from the original bill.

Another category that has not hitherto come to attention is the category of cartoon porn that depicts under 18s. The original law that bans possession of this content seemed most concerned about material that was near photographic, and indeed may have been processed from real photos. However the law is of most relevance in practical terms when it covers comedic Simpsons style porn, or else Japanese anime often featuring youthful, but vaguely drawn cartoon characters in sexual scenes.

Again there would be problems of practicality of banning foreign websites from carry such content. All the major tube sites seems to have a section devoted to Hentai anime porn which edges into the category.

In July 2017, Howe introduced a bill that would put Beyond R18 and Cartoon Porn back into the list of prohibited material in the Digital Economy Act. The bill is titled the Digital Economy Act 2017 (Amendment) (Definition of Extreme Pornography) Bill and is still open, but further consideration in Parliament has stalled, presumably as the Government itself is currently addressing these issues.

The bill adds in to the list of prohibitions any content that has been refused a BBFC certificate or would be refused a certificate if it were to be submitted. This would catch both the Beyond Porn and Cartoon Porn categories.

The government is very keen on its policy mantra: What's illegal offline, is illegal online and it seems to have addressed the issue of Beyond 18 material being illegal offline but legal online. The government is proposing to relax its own obscenity rules so that Beyond R18 material will be legalised, (with the proviso that the porn is consensual). The CPS has published a public consultation with this proposal, and it should be ready for implementation after the consultation closes on 17th October 2018.

Interestingly Howe seems to have dropped the call to ban Beyond R18 material in her latest piece, so presumably she has accepted that Beyond R18 material will soon be classifiable by the BBFC, and so not an issue for her bill.


Still to be Addressed

That still leaves the category of Cartoon Porn to be addressed. The current Digital Economy Act renders it illegal offline, but legal online. Perhaps the Government has given Howe the nod to rationalise the situation by making banning the likes of Hentai. Hence Howe is initiating a bit of propaganda to support her bill.  She writes:

The polling that I am putting in the public domain specifically addresses the non-photographic child sex abuse images and is particularly interesting because it gauges the views of MPs whose detailed consideration of the Bill came before the controversial Lords amendments were made.

According to the survey, which was conducted by ComRes on behalf of CARE, a massive 71% of MPs, rising to 76% of female MPs, stated that they did not believe it was right for the Digital Economy Act to make non-photographic child sex abuse images available online to adults after age verification checks. Only 5% of MPs disagreed.

There is an opportunity to address this as part of a review in the next 18 months, but things are too serious to wait .The Government should put matters right now by adopting my very short, but very important two-clause Digital Economy Act (Amendment) (Extreme Pornography) Bill which would restore the effect of the Government's initial prohibition of this material.

I -- along with 71 per cent of MPs -- urge the Government to take action to ensure that the UK's internet does not endorse the sexual exploitation of children.

I haven't heard of this issue being discussed before and I can't believe that anybody has much of an opinion on the matter. Presumably therefore, the survey presented out of the blue with the questions being worded in such a way as to get the required response. Not unusual, but surely it shows that someone is making an effort to generate an issue where one didn't exists before. Perhaps an indication that Howe's solution is what the authorities have decreed will happen.

 

 

Unfinished business...

Open Rights Group comments on the missed milestone of publishing final age verification guidelines before Parliament's summer recess


Link Here 5th August 2018

MPs left behind unfinished business when they broke for summer recess, and we aren't talking about Brexit negotiations. The rollout of mandatory age verification (AV) technology for adult websites is being held up once again while the Government mulls over final details. AV tech will create highly sensitive databases of the public's porn watching habits, and Open Rights Groups submitted a report warning the proposed privacy protections are woefully inadequate. The Government's hesitation could be a sign they are receptive to our concerns, but we expect their final guidance will still treat privacy as an afterthought. MPs need to understand what's at stake before they are asked to approve AV guidelines after summer.

AV tools will be operated by private companies, but if the technology gets hacked and the personal data of millions of British citizens is breached, the Government will be squarely to blame. By issuing weak guidelines, the Government is begging for a Cambridge Analytica-style data scandal. If this technology fails to protect user privacy, everybody loses. Businesses will be damaged (just look at Facebook), the Government will be embarrassed, and the over 20 million UK residents who view porn could have their private sexual preferences exposed. It's in everybody's interest to fix this. The draft guidance lacks even the basic privacy protections required for other digital tools like credit card payments and email services. Meanwhile, major data breaches are rocking international headlines on a regular basis. AV tech needs a dose of common sense.

 

 

BBFC: Age Verification We Don't Trust...

BBFC boss writes a 'won't somebody think of the children' campaigning piece in support of the upcoming porn censorship law, disgracefully from behind a paywall


Link Here 22nd July 2018
David Austin as penned what looks like an official BBFC campaigning piece trying to drum up support for the upcoming internet porn censorship regime. Disgracefully the article is hidden behind a paywall and is restricted to Telegraph paying subscribers.

Are children protected by endangering their parents or their marriage?

The article is very much a one sided piece, focusing almost entirely on the harms to children. It says nothing about the extraordinary dangers faced by adults when handing over personal identifying data to internet companies. Not a word about the dangers of being blackmailed, scammed or simply outed to employers, communities or wives, where the standard punishment for a trivial transgression of PC rules is the sack or divorce.

Austin speaks of the scale of the internet business and the scope of the expected changes. He writes:

There are around five million pornographic websites across the globe. Most of them have no effective means of stopping children coming across their content. It's no great surprise, therefore, that Government statistics show that 1.4 million children in the UK visited one of these websites in one month.

...

The BBFC will be looking for a step change in the behaviour of the adult industry. We have been working with the industry to ensure that many websites carry age-verification when the law comes into force.

...

Millions of British adults watch pornography online. So age-verification will have a wide reach. But it's not new. It's been a requirement for many years for age-restricted goods and services, including some UK hosted pornographic material.

I guess at this last point readers will be saying I never knew that. I've never come across age verification ever before. But the point here is these previous rules devastated the British online porn industry and the reason people don't ever come across it, is that there are barely any British sites left.

Are children being protected by impoverishing their parents?

Not that any proponents of age verification could care less about British people being able to make money. Inevitably the new age verification will further compound the foreign corporate monopoly control on yet another internet industry.

Having lorded over a regime that threatens to devastate lives, careers and livelihoods, Austin ironically notes that it probably won't work anyway:

The law is not a silver bullet. Determined, tech-savvy teenagers may find ways around the controls, and not all pornography online will be age-restricted. For example, the new law does not require pornography on social media platforms to be placed behind age-verification controls.

 

 

Whatever happened to...

The BBFC consultation on UK internet porn censorship


Link Here 17th July 2018
Nobody seems to have heard much about the progress of the BBFC consultation about the process to censor internet porn in the UK.

The sketchy timetable laid out so far suggests that the result of the consultation should be published prior to the Parliamentary recess scheduled for 26th July. Presumably this would provide MPs with some light reading over their summer hols ready for them to approve as soon as the hols are over.

Maybe this publication may have to be hurried along though, as pesky MPs are messing up Theresa May's plans for a non-Brexit, and she would like to send them packing a week early before they can cause trouble. ( Update 18th July . The early holidays idea has now been shelved).

The BBFC published meeting minutes this week that mentions the consultation:

The public consultation on the draft Guidance on Age Verification Arrangements and the draft Guidance on Ancillary Service Providers closed on 23 April. The BBFC received 620 responses, 40 from organisations and 580 from individuals. Many of the individual responses were encouraged by a campaign organised by the Open Rights Group.

Our proposed response to the consultation will be circulated to the Board before being sent to DCMS on 21 May.

So assuming that the response was sent to the government on the appointed day then someone has been sitting on the results for quite a long time now.

Meanwhile its good to see that people are still thinking about the monstrosity that is coming our way. Ethical porn producer Erica Lust has been speaking to News Internationalist. She comments on the way the new law will compound MindGeek's monopolitistc dominance of the online porn market:

The age verification laws are going to disproportionately affect smaller low-traffic sites and independent sex workers who cannot cover the costs of installing age verification tools.

It will also impact smaller sites by giving MindGeek even more dominance in the adult industry. This is because the BBFC draft guidance does not enforce sites to offer more than one age verification product. So, all of MindGeeks sites (again, 90% of the mainstream porn sites) will only offer their own product; Age ID. The BBFC have also stated that users do not have to verify their age on each visit if access is restricted by password or a personal ID number. So users visiting a MindGeek site will only have to verify their age once using AgeID and then will be able to login to any complying site without having to verify again. Therefore, viewers will be less likely to visit competitor sites not using the AgeID technology, and simultaneously competitor sites will feel pressured to use AgeID to protect themselves from losing viewers.

...Read the full  article from newint.org

 

 

Healthy scepticism...

Pandora Blake suggests that there have been about 750 responses to its consultation on age verification requirements for porn sites


Link Here28th May 2018

Age verification has been hanging over us for several years now - and has now been put back to the end of 2018 after enforcement was originally planned to start last month.

I'm enormously encouraged by how many people took the opportunity to speak up and reply to the BBFC consultation on the new regulations .

Over 500 people submitted a response using the tool provided by the Open Rights Group , emphasising the need for age verification tech to be held to robust privacy and security standards.

I'm told that around 750 consultation responses were received by the BBFC overall, which means that a significant majority highlighted the regulatory gap between the powers of the BBFC to regulate adult websites, and the powers of the Information Commissioner to enforce data protection rules.

 

 

Offsite Article: UK push for porn passes raises privacy and data concerns...


Link Here28th May 2018
Age verification requirement has raised fears about privacy, and concerns that independent providers will suffer disproportionately.

See article from wikitribune.com

 

 

Pornhub blows a raspberry at the BBFC...

And introduces a free VPN to short circuit UK porn censorship


Link Here 25th May 2018
Pornhub, the dominant force amongst the world's porn websites, has sent a challenge to the BBFC's porn censorship regime by offering a free workaround to any porn viewer who would prefer to hide their tracks rather then open themselves up to the dangers of offering up their personal ID to age verifiers.

And rather bizarrely Pornhub are one of the companies offering age verification services to  porn sites who want to comply with UK age verification requirements.

Pornhub describes its VPN service with references to UK censorship:

Browse all websites anonymously and without restrictions.

VPNhub helps you bypass censorship while providing secure and private access to Internet. Access all of your favorite websites without fear of being monitored.

Hide your information and surf the Internet without a trace.

Enjoy the pleasure of protection with VPNhub. With full data encryption and guaranteed anonymity, go with the most trusted VPN to protect your privacy anywhere in the world.

Free and Unlimited

Enjoy totally free and unlimited bandwidth on your device of choice.

 

 

Newsagents to sell 'porn passes'...

The press picks up on the age verification offering from AVSecure that offers anonymous porn browsing


Link Here 14th May 2018
Adults who want to watch online porn (or maybe by adults only products such as alcohol) will be able to buy codes from newsagents and supermarkets to prove that they are over 18 when online.

One option available to the estimated 25 million Britons who regularly visit such websites will be a 16-digit code, dubbed a 'porn pass'.

While porn viewers will still be able to verify their age using methods such as registering credit card details, the 16-digit code option would be a fully anonymous option. According to AVSecure's the cards will be sold for £10 to anyone who looks over 18 without the need for any further identification. It doesn't say on the website, but presumably in the case where there is doubt about a customer's age, then they will have to show ID documents such as a passport or driving licence, but hopefully that ID will not have to be recorded anywhere.

It is hope he method will be popular among those wishing to access porn online without having to hand over personal details to X-rated sites.

The user will type in a 16 digit number into websites that belong to the AVSecure scheme. It should be popular with websites as it offers age verification to them for free (with the £10 card fee being the only source of income for the company). This is a lot better proposition for websites than most, if not all, of the other age verification companies.

AVSecure also offer an encrypted implementation via blockchain that will not allow websites to use the 16 digit number as a key to track people's website browsing. But saying that they could still use a myriad of other standard technologies to track viewers.

The BBFC is assigned the task of deciding whether to accredit different technologies and it will be very interesting to see if they approve the AVSecure offering. It is easily the best solution to protect the safety and privacy of porn viewers, but it maybe will test the BBFC's pragmatism to accept the most workable and safest solution for adults which is not quite fully guaranteed to protect children. Pragmatism is required as the scheme has the technical drawback of having no further checks in place once the card has been purchased. The obvious worry is that an over 18s can go around to other shops to buy several cards to pass on to their under 18 mates. Another possibility is that kids could stumble on their parent's card and get access. Numbers shared on the web could be easily blocked if used simultaneously from different IP addresses.

 

 

The government is acting negligently on privacy and porn AV...

Top of our concerns was the lack of privacy safeguards to protect the 20 million plus users who will be obliged to use Age Verification tools to access legal content.


Link Here8th May 2018

We asked the BBFC to tell government that the legislation is not fit for purpose, and that they should halt the scheme until privacy regulation is in place. We pointed out that card payments and email services are both subject to stronger privacy protections that Age Verification.

The government's case for non-action is that the Information Commissioner and data protection fines for data breaches are enough to deal with the risk. This is wrong: firstly because fines cannot address the harm created by the leaking of people's sexual habits. Secondly, it is wrong because data breaches are only one aspect of the risks involved.

We outlined over twenty risks from Age Verification technologies. We pointed out that Age Verification contains a set of overlapping problems. You can read our list below. We may have missed some: if so, do let us know.

The government has to act. It has legislated this requirement without properly evaluating the privacy impacts. If and when it goes wrong, the blame will lie squarely at the government's door.

The consultation fails to properly distinguish between the different functions and stages of an age verification system. The risks associated with each are separate but interact. Regulation needs to address all elements of these systems. For instance:

  • Choosing a method of age verification, whereby a user determines how they wish to prove their age.

  • The method of age verification, where documents may be examined and stored.

  • The tool's approach to returning users, which may involve either:

    • attaching the user's age verification status to a user account or log-in credentials; or

    • providing a means for the user to re-attest their age on future occasions.

  • The re-use of any age verified account, log-in or method over time, and across services and sites.

The focus of attention has been on the method of pornography-related age verification, but this is only one element of privacy risk we can identify when considering the system as a whole. Many of the risks stem from the fact that users may be permanently 'logged in' to websites, for instance. New risks of fraud, abuse of accounts and other unwanted social behaviours can also be identified. These risks apply to 20-25 million adults, as well as to teenagers attempting to bypass the restrictions. There is a great deal that could potentially go wrong.

Business models, user behaviours and potential criminal threats need to be taken into consideration. Risks therefore include:

Identity risks

  • Collecting identity documents in a way that allows them to potentially be correlated with the pornographic content viewed by a user represents a serious potential risk to personal and potentially highly sensitive data.

Risks from logging of porn viewing

  • A log-in from an age-verified user may persist on a user's device or web browser, creating a history of views associated with an IP address, location or device, thus easily linked to a person, even if stored 'pseudonymously'.

  • An age verified log-in system may track users across websites and be able to correlate tastes and interests of a user visiting sites from many different providers.

  • Data from logged-in web visits may be used to profile the sexual preferences of users for advertising. Tool providers may encourage users to opt in to such a service with the promise of incentives such as discounted or free content.

  • The current business model for large porn operations is heavily focused on monetising users through advertising, exacerbating the risks of re-use and recirculation and re-identification of web visit data.

  • Any data that is leaked cannot be revoked, recalled or adequately compensated for, leading to reputational, career and even suicide risks.

Everyday privacy risks for adults

  • The risk of pornographic web accounts and associated histories being accessed by partners, parents, teenagers and other third parties will increase.

  • Companies will trade off security for ease-of-use, so may be reluctant to enforce strong passwords, two-factor authentication and other measures which make it harder for credentials to leak or be shared.

  • Everyday privacy tools used by millions of UK residents such as 'private browsing' modes may become more difficult to use to use due to the need to retain log-in cookies, increasing the data footprint of people's sexual habits.

  • Some users will turn to alternative methods of accessing sites, such as using VPNs. These tools have their own privacy risks, especially when hosted outside of the EU, or when provided for free.

Risks to teenagers' privacy

  • If age-verified log-in details are acquired by teenagers, personal and sexual information about them may become shared including among their peers, such as particular videos viewed. This could lead to bullying, outing or worse.

  • Child abusers can use access to age verified accounts as leverage to create and exploit a relationship with a teenager ('grooming').

  • Other methods of obtaining pornography would be incentivised, and these may carry new and separate privacy risks. For instance the BitTorrent network exposes the IP addresses of users publicly. These addresses can then be captured by services like GoldenEye, whose business model depends on issuing legal threats to those found downloading copyrighted material. This could lead to the pornographic content downloaded by young adults or teenagers being exposed to parents or carers. While copyright infringement is bad, removing teenagers' sexual privacy is worse. Other risks include viruses and scams.

Trust in age verification tools and potential scams

  • Users may be obliged to sign up to services they do not trust or are unfamiliar with in order to access specific websites.

  • Pornographic website users are often impulsive, with lower risk thresholds than for other transactions. The sensitivity of any transactions involved gives them a lower propensity to report fraud. Pornography users are therefore particularly vulnerable targets for scammers.

  • The use of credit cards for age verification in other markets creates an opportunity for fraudulent sites to engage in credit card theft.

  • Use of credit cards for pornography-related age verification risks teaching people that this is normal and reasonable, opening up new opportunities for fraud, and going against years of education asking people not to hand card details to unknown vendors.

  • There is no simple means to verify which particular age verification systems are trustworthy, and which may be scams.

Market related privacy risks

  • The rush to market means that the tools that emerge may be of variable quality and take unnecessary shortcuts.

  • A single pornography-related age verification system may come to dominate the market and become the de-facto provider, leaving users no real choice but to accept whatever terms that provider offers.

  • One age verification product which is expected to lead the market -- AgeID -- is owned by MindGeek, the dominant pornography company online. Allowing pornographic sites to own and operate age verification tools leads to a conflict of interest between the privacy interests of the user, and the data-mining and market interests of the company.

  • The online pornography industry as a whole, including MindGeek, has a poor record of privacy and security, littered with data breaches. Without stringent regulation prohibiting the storage of data which might allow users' identity and browsing to be correlated, there is no reason to assume that data generated as a result of age verification tools will be exempt from this pattern of poor security.

 

 

Offsite Article: Expect a schoolyard black market in adult login-codes...


Link Here24th April 2018
The Economist does a piece on porn age verification and quotes some bollox from the BBFC about the requirements not making life harder for adult porn viewers

See article from economist.com

 

 

When have internet companies ever followed 'best practice'?...

Response to the BBFC consultation on UK internet porn censorship


Link Here23rd April 2018
Re Guidance on Age-Verification Arrangements

I agree with the BBFC's Approach as set out in Chapter 2

Re Age-verification Standards set out in Chapter 3

4. This guidance also outlines good practice in relation to age-verification to encourage consumer choice and the use of mechanisms that confirm age but not identity.

I think you should point out to porn viewers that your ideas on good practice are in no way enforceable on websites. You should not mislead porn viewers into thinking that their data is safe because of the assumption that websites will follow best practice. They may not.

5c. A requirement that either a user age-verify each visit or access is restricted by controls, manual or electronic, such as, but not limited to, password or personal identification numbers

This is a very glib sentence that could be the make or break of user acceptability of age verification.

This is not like watching films on Netflix, ie entering a PIN and watching a film. Viewing porn is more akin to browsing, hopping from one website to another, starting a film, quickly deciding it is no good and searching for another, maybe on a different site. Convenient browsing requires that a verification is stored for at least a reasonable time in a cookie. So that it can be access automatically by all websites using the same verification provider (or even different verification providers if they could get together to arrange this).

At the very least the BBFC should make a clearer statement about persistence of PINs or passwords and whether it is acceptable to maintain valid verifications in cookies.(or age verifier databases). The Government needs adults to buy into age verification. If the BBFC get too fussy about eliminating the risk that under 18s could view porn then the whole system could become too inconvenient for adults to be bothered with, resulting in a mass circumvention of the system with lots of information in lots of places about how and where porn could be more easily obtained. The under 18s would probably see this too, and so this would surely diminish the effectiveness of the whole idea. The very suggestion that users age verify each visit suggests that the BBFC is simply not on the right wavelength for a viable solution. Presumably not much thought has been put into specifying advance requirements, and that instead the BBFC will consider the merits of proposals as they arise. The time scales for enactment of the law should therefore allow for technical negotiations between developers and the BBFC about how each system should work.

5d. the inclusion of measures that are effective at preventing use by non-human operators including algorithms

What a meaningless statement, surely the age verification software process itself will be non human working on algorithms. Do bots need to be protected from porn? Are you saying that websites should not allow their sites to be accessed by Google's search engine bots? Unless there is an element of repeat access, a website does not really know that it is being accessed by a bot or a human. I think you probably have a more specific restriction in mind, and this has not been articulated in this vague and meaningless statement

7. Although not a requirement under section 14(1) the BBFC recommends that age-verification providers adopt good practice in the design and implementation of their solutions. These include solutions that: include clear information for end-users on data protection

When have websites or webs services ever provided clear information about data protection? The most major players of the internet refuse to provide clear information, eg Facebook or Google.

9. During the course of this age-verification assessment, the BBFC will normally be able to identify the following in relation to data protection compliance concerns: failure to include clear information for end-users on data protection and how data is used; and requesting more data than is necessary to confirm age, for example, physical location information.

Excellent! This would be good added value from the BBFC At the very least the BBFC should inform porn viewers that for foreign non-EU sites, there will be absolutely no data protection, and for EU websites, once users give their consent then the websites can do more or less anything with the data.

10. The BBFC will inform the Information Commissioner's Office where concerns arise during its assessment of the age-verification effectiveness that the arrangement does not comply with data protection legislation. The ICO will consider if further investigation is appropriate. The BBFC will inform the online commercial pornography provider(s) that it has raised concerns with the ICO.

Perhaps the BBFC could make it clear to porn users, the remit of the ICO over non-EU porn sites, and how the BBFC will handle these issues for a non-EU website.

Re Data Protection and the Information Commissioner's Office

The world's major websites such as Facebook that follow all the guidelines noted in this section but end up telling you nothing about how your data is used, I don't suppose porn sites will be any more open.

3b Where an organisation processing personal data is based outside the EU, an EU-based representative must be appointed and notified to the individual

Will the BBFC block eg a Russian website that complies with age verification by requiring credit card payments but has no EU representative? I think the BBFC/ICO needs to add a little bit more about data protection for websites and services outside of the EU. Porn viewers need to know.

General

Perhaps the BBFC could keep a FAQ for porn viewers eg Does the UK vetting service for people working with children have access to age verification data used for access to porn sites?

 

 

Don't forget the BBFC age verification consultation ends on Monday...

Note that BBFC has now re-opened its web pages with the consultation details


Link Here20th April 2018
The BBFC is consulting on its procedures for deciding if porn websites have implemented adequately strictly such that under 18s won't normally be able to access the website. Any websites not complying will be fined/blocked and/or pressurised by hosting/payment providers and advertisers who are willing to support the BBFC censorship.

Now I'm sure that the BBFC will diligently perform their duties with fairness and consideration for all, but the trouble is that all the horrors of scamming, hacking, snooping, blackmail, privacy etc are simply not the concern of the BBFC. It is pointless to point out how the age verification will endanger porn viewers, it is not in their remit.

If a foreign website were to implement strict age verification and then pass over all the personal details and viewing habits straight to its blackmail, scamming and dirty tricks department, then this will be perfectly fine with the BBFC. It is only their job to ensure that under 18s won't get through the ID checking.

There is a little privacy protection for porn websites with a presence in the EU, as the new GDPR rues have some generic things to say about keeping data safe. However these are mostly useless if you give your consent to the websites to use your data as they see fit. And it seems pretty easy to get consent for just about anything just be asking people to tick a box, or else not be allowed to see the porn. For example, Facebook will still be allowed to slurp all you personal data even within the constraints of GDPR, so will porn websites.

As a porn viewer, the only person who will look after you, is yourself.

The woeful flaws of this bill need addressing (by the government rather than the BBFC). We need to demand of the government: Don't save the children by endangering their parents.

At the very least we need a class of critically private data that websites simply must not use, EVER, under any circumstances, for any reason, and regardless of nominal user consent. Any company that uses this critically private data must be liable to criminal prosecution.

Anyway there have been a few contributions to the debate in the run up to the end of the BBFC consultation.

The Digital Economy Act -- The Truth: AgeID

20th April 2018. See  article from cbronline.com

AgeID says it wants to set the record straight on user data privacy under pending UK smut age check rules. As soon as a customer enters their login credentials, AgeID anonymises them. This ensures AgeID does not have a list of email addresses. We cannot market to them, we cannot even see them

[You always have to be a bit sceptical about claims that anonymisation protects your data. Eg if Facebook strips off your name and address and then sells your GPS track as 'anonymised', when in fact your address and then name can be restored by noting that you spend 12 hours a day at 32 Acacia avenue and commute to work at Snoops R Us. Perhaps more to the point of PornHub, may indeed not know that it was Damian@Green.com that hashed to 00000666, but the browsing record of 0000666 will be stored by PornHub anyway. And when the police come along and find from the ID company that Damian@Green.com hashes to 0000666 then the can simply ask PornHub to reveal the browsing history of 0000666.

Tell the BBFC that age verification will do more harm than good

20th April 2018. See  article from backlash.org.uk

MindGeek's age verification solution, AgeID, will inevitably have broad takeup due to their using it on their free tube sites such as PornHub. This poses a massive conflict of interest: advertising is their main source of revenue, and they have a direct profit motive to harvest data on what people like to look at. AgeID will allow them to do just that.

MindGeek have a terrible record on keeping sensitive data secure, and the resulting database will inevitably be leaked or hacked. The Ashley Madison data breach is a clear warning of what can happen when people's sex lives are leaked into the public domain: it ruins lives, and can lead to blackmail and suicide. If this policy goes ahead without strict rules forcing age verification providers to protect user privacy, there is a genuine risk of loss of life.

Update: Marc Dorcel Issues Plea to Participate in U.K. Age-Verification Consultation

20th April 2018. See  article from xbiz.com

French adult content producer Marc Dorcel has issued a plea for industry stakeholders to participate in a public consultation on the U.K.'s upcoming age-verification system for adult content. The consultation period closes on Monday. The studio said the following about participation in the BBFC public consultation:

The time of a wild internet where everyone could get immediate and open access to porn seems to be over as many governments are looking for concrete solutions to control it.

U.K. is the first one to have voted a law regarding this subject and who will apply a total blockage on porn websites which do not age verify and protect minors. Australian, Polish and French authorities are also looking very closely into this issue and are interested in the system that will be elected in the U.K.

BBFC is the organization which will define and manage the operation. In a few weeks, the BBFC will deliver the government its age-verification guidance in order to define and detail how age-verification should comply with this new law.

BBFC wants to be pragmatic and is concerned about how end users and website owners will be able to enact this measure.

The organization has launched an open consultation in order to collect the public and concerned professionals' opinion regarding this matter here .

As a matter of fact, age-verification guideline involves a major challenge for the whole industry: age-verification processor cannot be considered neither as a gateway nor a toll. Moreover, it cannot be an instrument to gather internet users' data or hijack traffic.

Marc Dorcel has existed since 1979 and operates on numerous platforms -- TV, mobile, press, web networks. We are used to regulation authorities.

According to our point of view, the two main requirements to define an independent age-verification system that would not serve specific corporate interests are: 1st requirement -- neither an authenticated adult, nor his data should belong to any processor; 2nd requirement -- processor systems should freely be chosen because of their efficiency and not because of their dominant position.

We are also thinking that our industry should have two requests for the BBFC to insure a system which do not create dependency:

  • Any age-verification processor scope should be limited to a verification task without a user-registration system. As a consequence, processors could not get benefits on any data user or traffic control, customers' verified age would independently be stored by each website or website network and users would have to age verify for any new website or network.

  • If the BBFC allows any age-verification processor to control a visitor data base and to manage login and password, they should commit to share the 18+ login/password to the other certified processors. As a consequence, users would only have one age verification enrollment on their first visit of a website, users would be able to log in with the same login/password on any age verification system to prove their age, and verified adults would not belong to any processor to avoid any dependency.

In those cases, we believe that an age-verification solution will act like a MPSP (multiple payment service provider) which processes client payments but where customers do not belong to payment processors, but to the website and where credit card numbers can be used by any processor.

We believe that any adult company concerned with the future of our business should take part in this consultation, whatever his point of view or worries are.

It is our responsibility to take our fate into our own hands.

 

 

Offsite Podcast: Podcast: Steve Winyard - Age Verification and AV Secure...


Link Here16th April 2018
Perhaps the most hopeful age verification technology where you can be age verified for porn at your local supermarket without providing any ID whatsoever

See article from itsadult.com

 

 

Offsite Article: Porn Age Verification Rules...


Link Here 12th April 2018
Expensive, Ineffective and a Hacker's DelightIncrease. By Vince Warrington, Founder Protective Intelligence

See article from cbronline.com

 

 

A matter of trust...

The BBFC consults about age verification for internet porn, and ludicrously suggests that the data oligarchs can be trusted with your personal identity data because they will follow 'best practice'


Link Here26th March 2018
  
mark zuckerberg grinning

Alexander Nix

vladimir putin

Your data is safe with us.
We will follow 'best practices', honest!
 

The BBFC has launched its public consultation about its arrangements for censoring porn on the internet.

The document was clearly written before the Cambridge Analytica data abuse scandal. The BBFC gullibility in accepting the word of age verification providers and porn websites, that they will look after your data, now rather jars with what we see going on in the real world.

After all European data protection laws allow extensive use of your data, and there are absolutely no laws governing what foreign websites can do with your identity data and porn browsing history.

I think that under the current arrangements, if a Russian website were to hand over identity data and porn browsing history straight over to the Kremlin dirty tricks department, then as long as under 18s would be prohibited, then the BBFC would have to approve that website's age verification arrangements.

Anyway there will be more debate on the subject over the coming month.

The BBFC writes:

Consultation on draft Guidance on Age-Verification Arrangements and draft Guidance on Ancillary Service Providers

Under section 14(1) of the Digital Economy Act 2017, all providers of online commercial pornographic services accessible from the UK will be required to carry age-verification controls to ensure that their content is not normally accessible to children.

This legislation is an important step in making the internet a safer place for children.

The BBFC was designated as the age-verification regulator under Part 3 of the Digital Economy Act 2017 on 21 February 2018.

Under section 25 of the Digital Economy Act 2017, the BBFC is required to publish two sets of Guidance: Guidance on Age-verification Arrangements and Guidance on Ancillary Service Providers .

The BBFC is now holding a public consultation on its draft Guidance on Age-Verification Arrangements and its draft Guidance on Ancillary Service Providers. The deadline for responses is the 23 April 2018 .

We will consider and publish responses before submitting final versions of the Guidance to the Secretary of State for approval. The Secretary of State is then required to lay the Guidance in parliament for formal approval. We support the government's decision to allow a period of up to three months after the Guidance is formally approved before the law comes into force, in order to give industry sufficient time to comply with the legislation.

Draft Guidance on Age-verification Arrangements

Under section 25 of the Digital Economy Act 2017, the BBFC is required to publish:

"guidance about the types of arrangements for making pornographic material available that the regulator will treat as complying with section 14(1)".

The draft Guidance on Age-Verification Arrangements sets out the criteria by which the BBFC will assess that a person has met with the requirements of section 14(1) of the Act. The draft guidance outlines good practice, such as offering choice of age-verification solutions to consumers. It also includes information about the requirements that age-verification services and online pornography providers must adhere to under data protection legislation and the role and functions of the Information Commissioner's Office (ICO). The draft guidance also sets out the BBFC's approach and powers in relation to online commercial pornographic services and considerations in terms of enforcement action.

Draft Guidance on Ancillary Service Providers

Under section 25 of the Digital Economy Act 2017, the BBFC is required to publish: "guidance for the purposes of section 21(1) and (5) about the circumstances in which it will treat services provided in the course of a business as enabling or facilitating the making available of pornographic material or extreme pornographic material".

The draft Guidance on Ancillary Service Providers includes a non-exhaustive list of classes of ancillary service provider that the BBFC will consider notifying under section 21 of the Act, such as social media and search engines. The draft guidance also sets out the BBFC's approach and powers in relation to online commercial pornographic services and considerations in terms of enforcement action.

How to respond to the consultation

We welcome views on the draft Guidance in particular in relation to the following questions:

Guidance on Age-Verification Arrangements

  • Do you agree with the BBFC's Approach as set out in Chapter 2?

  • Do you agree with the BBFC's Age-verification Standards set out in Chapter 3?

  • Do you have any comments with regards to Chapter 4?

The BBFC will refer any comments regarding Chapter 4 to the Information Commissioner's Office for further consideration.

Draft Guidance on Ancillary Service Providers

  • Do you agree with the BBFC's Approach as set out in Chapter 2?

  • Do you agree with the classes of Ancillary Service Provider set out in Chapter 3?

Please submit all responses (making reference to specific sections of the guidance where relevant) and confidentiality forms as email attachments to:

DEA-consultation@bbfc.co.uk

The deadline for responses is 23 April 2018 .

We will consider and publish responses before submitting final versions of the Guidance to the Secretary of State for approval.

Update: Intentionally scary

31st March 2018. From Wake Me Up In Dreamland on twitter.com

The failure to ensure data privacy/ protection in the Age Ver legislation is wholely intentional. Its intended to scare people away from adult material as a precursor to even more web censorship in UK.

 

 

Now that the BBFC has taken on a new role as internet censor...

Will it change its name back to the British Board of Film Censors? The Daily Mail seems to think so


Link Here13th March 2018
The Daily Mail today ran the story that the DCMS have decided to take things a little more cautiously about the privacy (and national security) issues of allowing a foreign porn company to take control of databasing people's porn viewing history.

Anyway there was nothing new in the story but it was interesting to note the Freudian slip of referring to the BBFC as the British Board of Film Censorship.

My idea would be for the BBFC to rename itself with the more complete title, the British Board of Film and Internet Censorship.

 

 

Offsite Article: First words from Britain's new internet porn censor...


Link Here11th March 2018
The BBFC takes its first steps to explain how it will stop people from watching internet porn

See article from bbfc.co.uk




 

melonfarmers icon

Home

Top

Index

Links

Search
 

UK

World

Media

Liberty

Info
 

Film Index

Film Cuts

Film Shop

Sex News

Sex Sells
 


Adult Store Reviews

Adult DVD & VoD

Adult Online Stores

New Releases/Offers

Latest Reviews

FAQ: Porn Legality
 

Sex Shops List

Lap Dancing List

Satellite X List

Sex Machines List

John Thomas Toys