Sophos News

Age verification legislation will lead to porn habit database

The UK powers that be consider online porn to be akin to cyber matches: you just can’t let kids play with that stuff, lest they set their eyeballs on fire.

It’s a well-established, thoroughly legislated angst, with the most current relevant legislation tucked into the Digital Economy Act. The problem – well, one of many – is that this angst seems poised to set the adult population of the country up for Ashley Madison-esque breaches.

The country is eager to protect children from porn. It’s a worthy goal, mind you, given that research shows that exposing kids to porn can be damaging. Unfortunately, it’s a quixotic goal, given that porn is impossible to block. Nevertheless, the UK is now on the brink of creating a database of the country’s porn habits.

It also seems poised to hand the age verification piece of that puzzle over to an outfit that Vice refers to as “the shady company that controls the majority of free porn tube sites.”

That company is called MindGeek. Vice likens it to the Walmart of porn. Britain’s leading obscenity lawyer, Myles Jackman, says it supposedly owns about 90% of tube sites on the internet, and it didn’t get that way by making friends in the industry.

They’re deeply unpopular within the porn industry because they’re widely blamed for killing the production end of the industry by distributing other people’s paid-for-content for free.

MindGeek got big by distributing free porn, in other words, and thereby choking porn companies that need to sell the stuff to fund its production.

And now, MindGeek, the Walmart of porn, is getting ready to become even more filthy rich by having maneuvered itself into the position of becoming gatekeeper for consumers of porn, be they adults or kids who don’t know how to use a virtual private network (VPN).

It’s not a done deal quite yet, but MindGeek has had several conversations with officials. It’s also currently pushing its own age verification platform, AgeID. If selected, Britons could be dealing with AgeID as the principal gate between themselves and their porn.

Starting in April 2018, part of the Digital Economy Act will force all porn sites operating in the UK to age verify (AV) their users. What if they refuse, or if they can’t afford to comply? Well, then, flip the switch on the way out: it’s lights-out time.

Age verification is tricky. And it will cost money. The Department for Culture, Media and Sport has tendered AV solutions to “whomever can come up with a foolproof plan to vet porn users.” Once the government-appointed regulator – likely the British Board of Film Classification (BBFC), subject to approval by Parliament – approves the plans, porn sites will choose which AV technique to buy into.

Some of the solutions put forth have been to verify age by credit card; to authorize an age verifier to rifle through your social media updates, photos, friend lists, education history, and personal metadata, and to use machine learning to crunch it all to determine if you’re over 18; to send you a text, to which you reply, after which the age verifier asks your telecom provider to verify your age; or to use facial recognition to compare a selfie and another photo: say, from your passport.

Rather than paying third parties to provide those AV solutions, MindGeek’s AgeID offers a package solution of “anything that works” from the list of AV technologies, all bundled up in an easy-to-use interface that porn sites can buy as a service.

Alec Muffett, a security expert, board member of the Open Rights Group, and former Facebook software engineer, says it doesn’t have to stop at porn. According to Vice, the government is already discussing ways such AV technology can be used for online sales of knives, acid, alcohol and other child-unfriendly products.

AgeID would work like this: when you visit a porn site, such as Pornhub, for example, you’ll be shuffled off to choose a third-party regulator-approved service to prove your age. AgeID does the shuffling, then comes back with a “pass” or “fail” verdict. Next time you log into a MindGeek site, or one that uses MindGeek’s service, you simply log in, without further ado.

Jackman says it’s pure genius:

They have gone on public record to say they expect to sign up 20 to 25 million adult consumers in the UK in the first month alone. That’s about a third of Britain’s adult population. In the first month! I mean, wow.

And who, exactly, are the AV companies handling all your personal data? And how well, exactly, are they securing it? After all, we’re looking at what will be a database of the UK’s porn habits. It’s a hacker’s dream.

Digital minister Matt Hancock told the Guardian that this gateway, presumably combined with children being oblivious to VPNs, will keep them safe.

Now we are taking the next step to put in place the legal requirement for websites with adult content to ensure it is safely behind an age verification control.

All this means that while we can enjoy the freedom of the web, the UK will have the most robust internet child protection measures of any country in the world.

Privacy advocates including Jackman, the legal director of the Open Rights Group, don’t see it that way. They see it, rather, as an invitation for huge privacy leaks. Here are remarks that Jackman posted in October:

One of the most serious problems with the Digital Economy Bill is the absence of any serious scrutiny around age verification for adult online pornographic material. We think this creates a huge risk of privacy leaks and also prejudices sexual minorities adversely.

Data collection creates an inherent risk of data loss through hack, breach, or other forms of intrusion. There is a significant risk of an Ashley-Madison style hack to all users of age verification. Personal identifying details linked with their sexual preferences, and this is an enormous risk for almost every consenting adult in this country.

At this point, Jackman said, there’s no imperative as to the privacy and safeguard of users to avoid the risk of private sexual interests being leaked into the public domain.

Muffett stresses that nobody’s arguing that children should be allowed to view online porn. That’s why we call it adult material, he says.

But the way that age verification is being mapped out – i.e., a visitor to a porn site gets redirected to a service where they input private details – just doesn’t make sense with the way the internet works. It’s a weak mechanism, he said, given that any teenager who knows a parent’s password for a bank or credit card or the like can forge the credentials, “prove” they’re older than 18, and get as much porn as they want.

Could the UK government, in its zeal to protect the children, be putting the country on a path that could well lead to more such sexual preference-related data breaches?

