If all goes to plan, from April 2018 anyone in the UK visiting a website deemed pornographic will be asked to verify that they are aged 18 or over before they can proceed.
The plan, proposed as part of the Digital Economy Act in 2016, was formally “commenced” this week by the Minister of State for Digital and Culture, Matt Hancock, who offered surprisingly scant detail on its implementation in comments made to a newspaper website.
It seems likely that the British Board of Film Classification (BBFC) will be empowered to decide what constitutes a pornographic website. As regulator it will also will be given the power to fine publishers up to £250,000 ($325,000) for failing to impose verification, on pain of being blocklisted by local ISPs.
Hancock summed up the Act’s purpose:
All this means that while we can enjoy the freedom of the web, the UK will have the most robust internet child protection measures of any country in the world.
With anti-censorship and privacy groups up in arms, and network engineers scratching their heads, worries that the law will have unintended consequences are surfacing too.
At its heart is the age verification process, which it seems will involve asking for credit card numbers. This means that people will have to start trusting their personal data to websites whose security they know little about, in situations where their concerns about privacy and anonymity may be higher than usual.
It’s not yet clear whether verification will happen through a single provider or on every site but wherever the data’s kept it will surely be a tempting target for hackers and extortionists. Pornography publishers don’t have a pristine reputation for data security as a number of recent breaches show.
There are also concerns that the move will encourage a market in stolen credit cards re-purposed to access porn sites.
The vast majority of publishers aren’t in the UK which means that enforcing UK Data Protection (DPA) to prevent (or prosecute) a data breach looks a naive hope.
I expect people – not least millions of adults who don’t have a credit card – to turn to VPNs (Virtual Private Networks) or Tor to bypass verification. Both tools allow users to hide their IP address and appear to be in countries other than the UK.
The assumption is, presumably, that children either won’t want to do this or won’t be able to. Good VPNs cost money and paying for them often requires access to a credit card.
Technology has a habit of becoming commoditised over time though. The Tor browser is free and so is Opera, a web browser that comes with a free, integrated proxy-based VPN (i.e. securing only browser traffic) on desktop and mobile. Google’s Wi-Fi Assistant builds the same into Android for its own handsets connecting through public hotspots in the US.
There is another cost to using a VPN though, even a free one: with all your browser traffic flowing through it you end up sharing far more with your VPN provider than you ever do with any individual site. You’d better choose one you trust.
By my reckoning it would only take a modest expansion of free VPNs in the coming years to send the UK Digital Economy Act back to square one.
Would the Government then attempt to filter or legislate against VPNs too? The only government to do that currently on any scale is China, a dismal example for a country such as the UK to follow. Going that far would risk a collapse in support for any legislation.
Meanwhile, pornographic content distributed via social media appears to be a grey area. People access this from within each platform and it’s not clear whether companies would be asked to apply parallel controls.
What is clear is that the UK wants to join a growing list of countries imposing controls on Internet content, including pornography. Campaigners fret that this is really a potential gateway to the eventual imposition of censorship on other kinds of content.
If it is, future governments might one day rue the day. Evasion will grow, as could adult resentment. Telling people what they can and can’t view tends to end in tears.
Anonymous
The heading says it all. With the increasing intrusion to personal privacy, users are starting to have a VPN as a default for all their online activities. It will only be a matter of time before the likes of Google start offering this as a feature where you can choose to use a VPN to connect securely to one of Google’s server for all internet traffic. The user feels like they evade the government eyes but end up providing valuable information to Google. Does these controls really help in any way or is there a much sinister strategy where privacy will become a thing of the past.
Rebane
I can’t see this actually going through successfully
Teens will always find a way, and this will just probably result in a change of which sites they use to get it
My guess would be sites like Reddit and Tumblr are going to be used, as well as social media like Twitter and Snapchat
Even worse, this might lead to people getting Tor, which lets them get to really messed up stuff
Mark Stockley
Note that the Tor browser doesn’t have to be used to access the Dark Web (domain of the “messed up stuff” you’re referring to.) It can be used to access the regular web as a very secure, anonymising browser.
IT Guy
The Digital Economy Act 2016 requires you to verify you are over 18. Please provide a valid credit card number with security code to continue…
RichardD
Presumably you won’t be allowed to see *any* of the site’s content before handing over your (or your parents’) credit card details?
That’s exactly the approach which lead to the disastrous “Operation Ore”, as reported in PC Pro magazine by Duncan Campbell back in 2005. The site in question was set up to provide age verification services to a wide range of porn sites. The vast majority of people handing over their card details didn’t know how nasty the guy running it was. But the fact that they’d handed over their card details was used as “evidence” that they were accessing the more horrendous content listed on the site.
UK ISPs are already required to block access to porn unless the subscriber “opts-in” to viewing it. I can’t see how this approach would be any more effective at stopping children from viewing it.
It’s certainly a problem we need to tackle; but not every problem can be solved by technology alone.
B
“Would the Government then attempt to filter or legislate against VPNs too? The only government to do that currently on any scale is China, a dismal example for a country such as the UK to follow.”
Anyone who has followed UK politics even casually for the past two years would be keenly aware that the government would like nothing more than to follow China’s example…..
Jo Ingensted
From one point of view, this is horrible, from another — it teaches teenagers to think twice about privacy. So probably it’s not that bad thing. (edited to remove link)
Ian Karoz
So, which Countries do not require proof of age to download pornography?
Justin
What if you dont have a credit card any way around it?