By John Lubbock
The investigatory powers bill has just become law, giving the security services unprecedented powers to spy on the communications data of UK citizens. Now, the government plans to introduce another costly system which will force all websites containing pornography (including Twitter and Reddit) to collect age verification data on their users to ensure that nobody under 18 can view porn online.
How exactly the Age Verification (AV) system will work has still not been decided. At the start of October, the Adult Provider Network, a trade association representing big porn providers, held a technology demonstration where various companies demonstrated their proposed means to implement AV. Proposals included tying AV to your payment card, your social media accounts or your mobile phone accounts.
Alec Muffett, a security engineer and a director of Open Rights Group wrote about how these methods of AV are fundamentally flawed, open to hacking and circumventable by anyone with basic computing skills. One company at the demonstration estimated that 25 million people in Britain would register for the AV network within the first month. Muffett suggests it is a bad idea to habituate so many people into bad security patterns like "normalising the exchange of social media data for porn access, typing your phone number into random websites [and] typing your credit card numbers into random websites".
David Austin, chief executive of the BBFC, the body which will regulate AV, told the bill committee that "research conducted by a UK adult company in relation to age verification on their online content shows that the public is becoming much more accepting of age verification". Many big porn companies appear to believe that AV is inevitable and will legitimise them. The same does not apply for smaller providers like feminist porn producer and campaigner against the bill Pandora Blake, who fear they will be put out of business by the costs of implementing AV.
One of the main supporters of the AV clause of the Bill is Claire Perry, Conservative MP for Devizes. Perry told the committee: "We all feel very strongly that the bill is a brilliant step in the right direction: things that were considered inconceivable four or five years ago can now be debated and legislated for." Her main concern seems to be how the law is enforced.
BBFC head Austin reassured her that while it would not be possible to force overseas porn companies to implement AV, the regulator "would then be able to contact and notify payment providers and ancillary service providers and request that they withdraw services from those pornographic websites".
The suggestion that the BBFC could make PayPal or other payment processing companies stop processing advertising payments to porn companies based on the other side of the world is far-fetched. Austin himself admitted that "there will still be gaps in the regime". For non-compliant websites, the BBFC proposes that ISPs block access to them from UK IP addresses. Clearly they do not believe that any 16 year olds could possibly understand how to use a VPN to switch their perceived internet location to a different country.
The draft bill does not set out the responsibilities of the AV regulator to protect the data they gather. This will create a vast database of the porn browsing habits of every adult in the UK, putting this data at increased risk of hacking, as happened with the leak of information from Ashley Madison, which led to two people taking their lives.
James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and other companies, told the BBC: "It only takes one bad actor to go in there and get the entire database. You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you." Blessing was referring to the collection of internet logs as part of the Investigatory Powers Act, but the same concern applies equally to the digital economy bill.
First with the Investigatory Powers Act and now with the digital economy bill, the UK government has demonstrated a desire to legislate out of knee-jerk populism on something which it fundamentally does not understand, wasting millions of pounds in the process while continuing to make cuts to core public services.
Child protection campaigners such as Perry are expressing an anxiety common to Conservatives who worry about the effects of children being exposed to pornography. However, in their rush to protect children at all costs, they do not seem to grasp the technical issues involved and may be creating a system which could have serious consequences for individual privacy.
John Lubbock is a writer and documentary filmmaker specialising in human rights, privacy, and Middle East relations. His film, 100 Years Later, is available to watch on Vimeo.
The opinions in politics.co.uk's Comment and Analysis section are those of the author and are no reflection of the views of the website or its owners.
-01.png){kind=spacer}