If all goes to plan, from April 2018 anyone in the UK visiting a website deemed pornographic will be asked to verify that they are aged 18 or over before they can proceed.
The plan, proposed as part of the Digital Economy Act in 2016, was formally “commenced” this week by the Minister of State for Digital and Culture, Matt Hancock, who offered surprisingly scant detail on its implementation in comments made to a newspaper website.
It seems likely that the British Board of Film Classification (BBFC) will be empowered to decide what constitutes a pornographic website. As regulator it will also will be given the power to fine publishers up to £250,000 ($325,000) for failing to impose verification, on pain of being blocklisted by local ISPs.
Hancock summed up the Act’s purpose:
All this means that while we can enjoy the freedom of the web, the UK will have the most robust internet child protection measures of any country in the world.
With anti-censorship and privacy groups up in arms, and network engineers scratching their heads, worries that the law will have unintended consequences are surfacing too.
At its heart is the age verification process, which it seems will involve asking for credit card numbers. This means that people will have to start trusting their personal data to websites whose security they know little about, in situations where their concerns about privacy and anonymity may be higher than usual.
It’s not yet clear whether verification will happen through a single provider or on every site but wherever the data’s kept it will surely be a tempting target for hackers and extortionists. Pornography publishers don’t have a pristine reputation for data security as a number of recent breaches show.
There are also concerns that the move will encourage a market in stolen credit cards re-purposed to access porn sites.
The vast majority of publishers aren’t in the UK which means that enforcing UK Data Protection (DPA) to prevent (or prosecute) a data breach looks a naive hope.
I expect people – not least millions of adults who don’t have a credit card – to turn to VPNs (Virtual Private Networks) or Tor to bypass verification. Both tools allow users to hide their IP address and appear to be in countries other than the UK.
The assumption is, presumably, that children either won’t want to do this or won’t be able to. Good VPNs cost money and paying for them often requires access to a credit card.
Technology has a habit of becoming commoditised over time though. The Tor browser is free and so is Opera, a web browser that comes with a free, integrated proxy-based VPN (i.e. securing only browser traffic) on desktop and mobile. Google’s Wi-Fi Assistant builds the same into Android for its own handsets connecting through public hotspots in the US.
There is another cost to using a VPN though, even a free one: with all your browser traffic flowing through it you end up sharing far more with your VPN provider than you ever do with any individual site. You’d better choose one you trust.
By my reckoning it would only take a modest expansion of free VPNs in the coming years to send the UK Digital Economy Act back to square one.
Would the Government then attempt to filter or legislate against VPNs too? The only government to do that currently on any scale is China, a dismal example for a country such as the UK to follow. Going that far would risk a collapse in support for any legislation.
Meanwhile, pornographic content distributed via social media appears to be a grey area. People access this from within each platform and it’s not clear whether companies would be asked to apply parallel controls.
What is clear is that the UK wants to join a growing list of countries imposing controls on Internet content, including pornography. Campaigners fret that this is really a potential gateway to the eventual imposition of censorship on other kinds of content.
If it is, future governments might one day rue the day. Evasion will grow, as could adult resentment. Telling people what they can and can’t view tends to end in tears.