BBFC Internet Porn Censors

BBFC: Age Verification We Don't Trust



 

Offsite Article: First words from Britain's new internet porn censor...


Link Here 11th March 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The BBFC takes its first steps to explain how it will stop people from watching internet porn

See article from bbfc.co.uk

 

 

A matter of trust...

The BBFC consults about age verification for internet porn, and ludicrously suggests that the data oligarchs can be trusted with your personal identity data because they will follow 'best practice'


Link Here 26th March 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
  

Your data is safe with us.
We will follow 'best practices', honest!
 

The BBFC has launched its public consultation about its arrangements for censoring porn on the internet.

The document was clearly written before the Cambridge Analytica data abuse scandal. The BBFC gullibility in accepting the word of age verification providers and porn websites, that they will look after your data, now rather jars with what we see going on in the real world.

After all European data protection laws allow extensive use of your data, and there are absolutely no laws governing what foreign websites can do with your identity data and porn browsing history.

I think that under the current arrangements, if a Russian website were to hand over identity data and porn browsing history straight over to the Kremlin dirty tricks department, then as long as under 18s would be prohibited, then the BBFC would have to approve that website's age verification arrangements.

Anyway there will be more debate on the subject over the coming month.

The BBFC writes:

Consultation on draft Guidance on Age-Verification Arrangements and draft Guidance on Ancillary Service Providers

Under section 14(1) of the Digital Economy Act 2017, all providers of online commercial pornographic services accessible from the UK will be required to carry age-verification controls to ensure that their content is not normally accessible to children.

This legislation is an important step in making the internet a safer place for children.

The BBFC was designated as the age-verification regulator under Part 3 of the Digital Economy Act 2017 on 21 February 2018.

Under section 25 of the Digital Economy Act 2017, the BBFC is required to publish two sets of Guidance: Guidance on Age-verification Arrangements and Guidance on Ancillary Service Providers .

The BBFC is now holding a public consultation on its draft Guidance on Age-Verification Arrangements and its draft Guidance on Ancillary Service Providers. The deadline for responses is the 23 April 2018 .

We will consider and publish responses before submitting final versions of the Guidance to the Secretary of State for approval. The Secretary of State is then required to lay the Guidance in parliament for formal approval. We support the government's decision to allow a period of up to three months after the Guidance is formally approved before the law comes into force, in order to give industry sufficient time to comply with the legislation.

Draft Guidance on Age-verification Arrangements

Under section 25 of the Digital Economy Act 2017, the BBFC is required to publish:

"guidance about the types of arrangements for making pornographic material available that the regulator will treat as complying with section 14(1)".

The draft Guidance on Age-Verification Arrangements sets out the criteria by which the BBFC will assess that a person has met with the requirements of section 14(1) of the Act. The draft guidance outlines good practice, such as offering choice of age-verification solutions to consumers. It also includes information about the requirements that age-verification services and online pornography providers must adhere to under data protection legislation and the role and functions of the Information Commissioner's Office (ICO). The draft guidance also sets out the BBFC's approach and powers in relation to online commercial pornographic services and considerations in terms of enforcement action.

Draft Guidance on Ancillary Service Providers

Under section 25 of the Digital Economy Act 2017, the BBFC is required to publish: "guidance for the purposes of section 21(1) and (5) about the circumstances in which it will treat services provided in the course of a business as enabling or facilitating the making available of pornographic material or extreme pornographic material".

The draft Guidance on Ancillary Service Providers includes a non-exhaustive list of classes of ancillary service provider that the BBFC will consider notifying under section 21 of the Act, such as social media and search engines. The draft guidance also sets out the BBFC's approach and powers in relation to online commercial pornographic services and considerations in terms of enforcement action.

How to respond to the consultation

We welcome views on the draft Guidance in particular in relation to the following questions:

Guidance on Age-Verification Arrangements

  • Do you agree with the BBFC's Approach as set out in Chapter 2?

  • Do you agree with the BBFC's Age-verification Standards set out in Chapter 3?

  • Do you have any comments with regards to Chapter 4?

The BBFC will refer any comments regarding Chapter 4 to the Information Commissioner's Office for further consideration.

Draft Guidance on Ancillary Service Providers

  • Do you agree with the BBFC's Approach as set out in Chapter 2?

  • Do you agree with the classes of Ancillary Service Provider set out in Chapter 3?

Please submit all responses (making reference to specific sections of the guidance where relevant) and confidentiality forms as email attachments to:

DEA-consultation@bbfc.co.uk

The deadline for responses is 23 April 2018 .

We will consider and publish responses before submitting final versions of the Guidance to the Secretary of State for approval.

Update: Intentionally scary

31st March 2018. From Wake Me Up In Dreamland on twitter.com

The failure to ensure data privacy/ protection in the Age Ver legislation is wholely intentional. Its intended to scare people away from adult material as a precursor to even more web censorship in UK.

 

 

Offsite Article: Porn Age Verification Rules...


Link Here 12th April 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Expensive, Ineffective and a Hacker's DelightIncrease. By Vince Warrington, Founder Protective Intelligence

See article from cbronline.com

 

 

Offsite Podcast: Podcast: Steve Winyard - Age Verification and AV Secure...


Link Here 16th April 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Perhaps the most hopeful age verification technology where you can be age verified for porn at your local supermarket without providing any ID whatsoever

See article from itsadult.com

 

 

Don't forget the BBFC age verification consultation ends on Monday...

Note that BBFC has now re-opened its web pages with the consultation details


Link Here 20th April 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The BBFC is consulting on its procedures for deciding if porn websites have implemented adequately strictly such that under 18s won't normally be able to access the website. Any websites not complying will be fined/blocked and/or pressurised by hosting/payment providers and advertisers who are willing to support the BBFC censorship.

Now I'm sure that the BBFC will diligently perform their duties with fairness and consideration for all, but the trouble is that all the horrors of scamming, hacking, snooping, blackmail, privacy etc are simply not the concern of the BBFC. It is pointless to point out how the age verification will endanger porn viewers, it is not in their remit.

If a foreign website were to implement strict age verification and then pass over all the personal details and viewing habits straight to its blackmail, scamming and dirty tricks department, then this will be perfectly fine with the BBFC. It is only their job to ensure that under 18s won't get through the ID checking.

There is a little privacy protection for porn websites with a presence in the EU, as the new GDPR rues have some generic things to say about keeping data safe. However these are mostly useless if you give your consent to the websites to use your data as they see fit. And it seems pretty easy to get consent for just about anything just be asking people to tick a box, or else not be allowed to see the porn. For example, Facebook will still be allowed to slurp all you personal data even within the constraints of GDPR, so will porn websites.

As a porn viewer, the only person who will look after you, is yourself.

The woeful flaws of this bill need addressing (by the government rather than the BBFC). We need to demand of the government: Don't save the children by endangering their parents.

At the very least we need a class of critically private data that websites simply must not use, EVER, under any circumstances, for any reason, and regardless of nominal user consent. Any company that uses this critically private data must be liable to criminal prosecution.

Anyway there have been a few contributions to the debate in the run up to the end of the BBFC consultation.

The Digital Economy Act -- The Truth: AgeID

20th April 2018. See  article from cbronline.com

AgeID says it wants to set the record straight on user data privacy under pending UK smut age check rules. As soon as a customer enters their login credentials, AgeID anonymises them. This ensures AgeID does not have a list of email addresses. We cannot market to them, we cannot even see them

[You always have to be a bit sceptical about claims that anonymisation protects your data. Eg if Facebook strips off your name and address and then sells your GPS track as 'anonymised', when in fact your address and then name can be restored by noting that you spend 12 hours a day at 32 Acacia avenue and commute to work at Snoops R Us. Perhaps more to the point of PornHub, may indeed not know that it was Damian@Green.com that hashed to 00000666, but the browsing record of 0000666 will be stored by PornHub anyway. And when the police come along and find from the ID company that Damian@Green.com hashes to 0000666 then the can simply ask PornHub to reveal the browsing history of 0000666.

Tell the BBFC that age verification will do more harm than good

20th April 2018. See  article from backlash.org.uk

MindGeek's age verification solution, AgeID, will inevitably have broad takeup due to their using it on their free tube sites such as PornHub. This poses a massive conflict of interest: advertising is their main source of revenue, and they have a direct profit motive to harvest data on what people like to look at. AgeID will allow them to do just that.

MindGeek have a terrible record on keeping sensitive data secure, and the resulting database will inevitably be leaked or hacked. The Ashley Madison data breach is a clear warning of what can happen when people's sex lives are leaked into the public domain: it ruins lives, and can lead to blackmail and suicide. If this policy goes ahead without strict rules forcing age verification providers to protect user privacy, there is a genuine risk of loss of life.

Update: Marc Dorcel Issues Plea to Participate in U.K. Age-Verification Consultation

20th April 2018. See  article from xbiz.com

French adult content producer Marc Dorcel has issued a plea for industry stakeholders to participate in a public consultation on the U.K.'s upcoming age-verification system for adult content. The consultation period closes on Monday. The studio said the following about participation in the BBFC public consultation:

The time of a wild internet where everyone could get immediate and open access to porn seems to be over as many governments are looking for concrete solutions to control it.

U.K. is the first one to have voted a law regarding this subject and who will apply a total blockage on porn websites which do not age verify and protect minors. Australian, Polish and French authorities are also looking very closely into this issue and are interested in the system that will be elected in the U.K.

BBFC is the organization which will define and manage the operation. In a few weeks, the BBFC will deliver the government its age-verification guidance in order to define and detail how age-verification should comply with this new law.

BBFC wants to be pragmatic and is concerned about how end users and website owners will be able to enact this measure.

The organization has launched an open consultation in order to collect the public and concerned professionals' opinion regarding this matter here .

As a matter of fact, age-verification guideline involves a major challenge for the whole industry: age-verification processor cannot be considered neither as a gateway nor a toll. Moreover, it cannot be an instrument to gather internet users' data or hijack traffic.

Marc Dorcel has existed since 1979 and operates on numerous platforms -- TV, mobile, press, web networks. We are used to regulation authorities.

According to our point of view, the two main requirements to define an independent age-verification system that would not serve specific corporate interests are: 1st requirement -- neither an authenticated adult, nor his data should belong to any processor; 2nd requirement -- processor systems should freely be chosen because of their efficiency and not because of their dominant position.

We are also thinking that our industry should have two requests for the BBFC to insure a system which do not create dependency:

  • Any age-verification processor scope should be limited to a verification task without a user-registration system. As a consequence, processors could not get benefits on any data user or traffic control, customers' verified age would independently be stored by each website or website network and users would have to age verify for any new website or network.

  • If the BBFC allows any age-verification processor to control a visitor data base and to manage login and password, they should commit to share the 18+ login/password to the other certified processors. As a consequence, users would only have one age verification enrollment on their first visit of a website, users would be able to log in with the same login/password on any age verification system to prove their age, and verified adults would not belong to any processor to avoid any dependency.

In those cases, we believe that an age-verification solution will act like a MPSP (multiple payment service provider) which processes client payments but where customers do not belong to payment processors, but to the website and where credit card numbers can be used by any processor.

We believe that any adult company concerned with the future of our business should take part in this consultation, whatever his point of view or worries are.

It is our responsibility to take our fate into our own hands.

 

 

When have internet companies ever followed 'best practice'?...

Response to the BBFC consultation on UK internet porn censorship


Link Here 23rd April 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Re Guidance on Age-Verification Arrangements

I agree with the BBFC's Approach as set out in Chapter 2

Re Age-verification Standards set out in Chapter 3

4. This guidance also outlines good practice in relation to age-verification to encourage consumer choice and the use of mechanisms that confirm age but not identity.

I think you should point out to porn viewers that your ideas on good practice are in no way enforceable on websites. You should not mislead porn viewers into thinking that their data is safe because of the assumption that websites will follow best practice. They may not.

5c. A requirement that either a user age-verify each visit or access is restricted by controls, manual or electronic, such as, but not limited to, password or personal identification numbers

This is a very glib sentence that could be the make or break of user acceptability of age verification.

This is not like watching films on Netflix, ie entering a PIN and watching a film. Viewing porn is more akin to browsing, hopping from one website to another, starting a film, quickly deciding it is no good and searching for another, maybe on a different site. Convenient browsing requires that a verification is stored for at least a reasonable time in a cookie. So that it can be access automatically by all websites using the same verification provider (or even different verification providers if they could get together to arrange this).

At the very least the BBFC should make a clearer statement about persistence of PINs or passwords and whether it is acceptable to maintain valid verifications in cookies.(or age verifier databases). The Government needs adults to buy into age verification. If the BBFC get too fussy about eliminating the risk that under 18s could view porn then the whole system could become too inconvenient for adults to be bothered with, resulting in a mass circumvention of the system with lots of information in lots of places about how and where porn could be more easily obtained. The under 18s would probably see this too, and so this would surely diminish the effectiveness of the whole idea. The very suggestion that users age verify each visit suggests that the BBFC is simply not on the right wavelength for a viable solution. Presumably not much thought has been put into specifying advance requirements, and that instead the BBFC will consider the merits of proposals as they arise. The time scales for enactment of the law should therefore allow for technical negotiations between developers and the BBFC about how each system should work.

5d. the inclusion of measures that are effective at preventing use by non-human operators including algorithms

What a meaningless statement, surely the age verification software process itself will be non human working on algorithms. Do bots need to be protected from porn? Are you saying that websites should not allow their sites to be accessed by Google's search engine bots? Unless there is an element of repeat access, a website does not really know that it is being accessed by a bot or a human. I think you probably have a more specific restriction in mind, and this has not been articulated in this vague and meaningless statement

7. Although not a requirement under section 14(1) the BBFC recommends that age-verification providers adopt good practice in the design and implementation of their solutions. These include solutions that: include clear information for end-users on data protection

When have websites or webs services ever provided clear information about data protection? The most major players of the internet refuse to provide clear information, eg Facebook or Google.

9. During the course of this age-verification assessment, the BBFC will normally be able to identify the following in relation to data protection compliance concerns: failure to include clear information for end-users on data protection and how data is used; and requesting more data than is necessary to confirm age, for example, physical location information.

Excellent! This would be good added value from the BBFC At the very least the BBFC should inform porn viewers that for foreign non-EU sites, there will be absolutely no data protection, and for EU websites, once users give their consent then the websites can do more or less anything with the data.

10. The BBFC will inform the Information Commissioner's Office where concerns arise during its assessment of the age-verification effectiveness that the arrangement does not comply with data protection legislation. The ICO will consider if further investigation is appropriate. The BBFC will inform the online commercial pornography provider(s) that it has raised concerns with the ICO.

Perhaps the BBFC could make it clear to porn users, the remit of the ICO over non-EU porn sites, and how the BBFC will handle these issues for a non-EU website.

Re Data Protection and the Information Commissioner's Office

The world's major websites such as Facebook that follow all the guidelines noted in this section but end up telling you nothing about how your data is used, I don't suppose porn sites will be any more open.

3b Where an organisation processing personal data is based outside the EU, an EU-based representative must be appointed and notified to the individual

Will the BBFC block eg a Russian website that complies with age verification by requiring credit card payments but has no EU representative? I think the BBFC/ICO needs to add a little bit more about data protection for websites and services outside of the EU. Porn viewers need to know.

General

Perhaps the BBFC could keep a FAQ for porn viewers eg Does the UK vetting service for people working with children have access to age verification data used for access to porn sites?

 

 

Offsite Article: Expect a schoolyard black market in adult login-codes...


Link Here 24th April 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The Economist does a piece on porn age verification and quotes some bollox from the BBFC about the requirements not making life harder for adult porn viewers

See article from economist.com

 

 

The government is acting negligently on privacy and porn AV...

Top of our concerns was the lack of privacy safeguards to protect the 20 million plus users who will be obliged to use Age Verification tools to access legal content.


Link Here 8th May 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

We asked the BBFC to tell government that the legislation is not fit for purpose, and that they should halt the scheme until privacy regulation is in place. We pointed out that card payments and email services are both subject to stronger privacy protections that Age Verification.

The government's case for non-action is that the Information Commissioner and data protection fines for data breaches are enough to deal with the risk. This is wrong: firstly because fines cannot address the harm created by the leaking of people's sexual habits. Secondly, it is wrong because data breaches are only one aspect of the risks involved.

We outlined over twenty risks from Age Verification technologies. We pointed out that Age Verification contains a set of overlapping problems. You can read our list below. We may have missed some: if so, do let us know.

The government has to act. It has legislated this requirement without properly evaluating the privacy impacts. If and when it goes wrong, the blame will lie squarely at the government's door.

The consultation fails to properly distinguish between the different functions and stages of an age verification system. The risks associated with each are separate but interact. Regulation needs to address all elements of these systems. For instance:

  • Choosing a method of age verification, whereby a user determines how they wish to prove their age.

  • The method of age verification, where documents may be examined and stored.

  • The tool's approach to returning users, which may involve either:

    • attaching the user's age verification status to a user account or log-in credentials; or

    • providing a means for the user to re-attest their age on future occasions.

  • The re-use of any age verified account, log-in or method over time, and across services and sites.

The focus of attention has been on the method of pornography-related age verification, but this is only one element of privacy risk we can identify when considering the system as a whole. Many of the risks stem from the fact that users may be permanently 'logged in' to websites, for instance. New risks of fraud, abuse of accounts and other unwanted social behaviours can also be identified. These risks apply to 20-25 million adults, as well as to teenagers attempting to bypass the restrictions. There is a great deal that could potentially go wrong.

Business models, user behaviours and potential criminal threats need to be taken into consideration. Risks therefore include:

Identity risks

  • Collecting identity documents in a way that allows them to potentially be correlated with the pornographic content viewed by a user represents a serious potential risk to personal and potentially highly sensitive data.

Risks from logging of porn viewing

  • A log-in from an age-verified user may persist on a user's device or web browser, creating a history of views associated with an IP address, location or device, thus easily linked to a person, even if stored 'pseudonymously'.

  • An age verified log-in system may track users across websites and be able to correlate tastes and interests of a user visiting sites from many different providers.

  • Data from logged-in web visits may be used to profile the sexual preferences of users for advertising. Tool providers may encourage users to opt in to such a service with the promise of incentives such as discounted or free content.

  • The current business model for large porn operations is heavily focused on monetising users through advertising, exacerbating the risks of re-use and recirculation and re-identification of web visit data.

  • Any data that is leaked cannot be revoked, recalled or adequately compensated for, leading to reputational, career and even suicide risks.

Everyday privacy risks for adults

  • The risk of pornographic web accounts and associated histories being accessed by partners, parents, teenagers and other third parties will increase.

  • Companies will trade off security for ease-of-use, so may be reluctant to enforce strong passwords, two-factor authentication and other measures which make it harder for credentials to leak or be shared.

  • Everyday privacy tools used by millions of UK residents such as 'private browsing' modes may become more difficult to use to use due to the need to retain log-in cookies, increasing the data footprint of people's sexual habits.

  • Some users will turn to alternative methods of accessing sites, such as using VPNs. These tools have their own privacy risks, especially when hosted outside of the EU, or when provided for free.

Risks to teenagers' privacy

  • If age-verified log-in details are acquired by teenagers, personal and sexual information about them may become shared including among their peers, such as particular videos viewed. This could lead to bullying, outing or worse.

  • Child abusers can use access to age verified accounts as leverage to create and exploit a relationship with a teenager ('grooming').

  • Other methods of obtaining pornography would be incentivised, and these may carry new and separate privacy risks. For instance the BitTorrent network exposes the IP addresses of users publicly. These addresses can then be captured by services like GoldenEye, whose business model depends on issuing legal threats to those found downloading copyrighted material. This could lead to the pornographic content downloaded by young adults or teenagers being exposed to parents or carers. While copyright infringement is bad, removing teenagers' sexual privacy is worse. Other risks include viruses and scams.

Trust in age verification tools and potential scams

  • Users may be obliged to sign up to services they do not trust or are unfamiliar with in order to access specific websites.

  • Pornographic website users are often impulsive, with lower risk thresholds than for other transactions. The sensitivity of any transactions involved gives them a lower propensity to report fraud. Pornography users are therefore particularly vulnerable targets for scammers.

  • The use of credit cards for age verification in other markets creates an opportunity for fraudulent sites to engage in credit card theft.

  • Use of credit cards for pornography-related age verification risks teaching people that this is normal and reasonable, opening up new opportunities for fraud, and going against years of education asking people not to hand card details to unknown vendors.

  • There is no simple means to verify which particular age verification systems are trustworthy, and which may be scams.

Market related privacy risks

  • The rush to market means that the tools that emerge may be of variable quality and take unnecessary shortcuts.

  • A single pornography-related age verification system may come to dominate the market and become the de-facto provider, leaving users no real choice but to accept whatever terms that provider offers.

  • One age verification product which is expected to lead the market -- AgeID -- is owned by MindGeek, the dominant pornography company online. Allowing pornographic sites to own and operate age verification tools leads to a conflict of interest between the privacy interests of the user, and the data-mining and market interests of the company.

  • The online pornography industry as a whole, including MindGeek, has a poor record of privacy and security, littered with data breaches. Without stringent regulation prohibiting the storage of data which might allow users' identity and browsing to be correlated, there is no reason to assume that data generated as a result of age verification tools will be exempt from this pattern of poor security.

 

 

Newsagents to sell 'porn passes'...

The press picks up on the age verification offering from AVSecure that offers anonymous porn browsing


Link Here 14th May 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Adults who want to watch online porn (or maybe by adults only products such as alcohol) will be able to buy codes from newsagents and supermarkets to prove that they are over 18 when online.

One option available to the estimated 25 million Britons who regularly visit such websites will be a 16-digit code, dubbed a 'porn pass'.

While porn viewers will still be able to verify their age using methods such as registering credit card details, the 16-digit code option would be a fully anonymous option. According to AVSecure's the cards will be sold for 10 to anyone who looks over 18 without the need for any further identification. It doesn't say on the website, but presumably in the case where there is doubt about a customer's age, then they will have to show ID documents such as a passport or driving licence, but hopefully that ID will not have to be recorded anywhere.

It is hope he method will be popular among those wishing to access porn online without having to hand over personal details to X-rated sites.

The user will type in a 16 digit number into websites that belong to the AVSecure scheme. It should be popular with websites as it offers age verification to them for free (with the 10 card fee being the only source of income for the company). This is a lot better proposition for websites than most, if not all, of the other age verification companies.

AVSecure also offer an encrypted implementation via blockchain that will not allow websites to use the 16 digit number as a key to track people's website browsing. But saying that they could still use a myriad of other standard technologies to track viewers.

The BBFC is assigned the task of deciding whether to accredit different technologies and it will be very interesting to see if they approve the AVSecure offering. It is easily the best solution to protect the safety and privacy of porn viewers, but it maybe will test the BBFC's pragmatism to accept the most workable and safest solution for adults which is not quite fully guaranteed to protect children. Pragmatism is required as the scheme has the technical drawback of having no further checks in place once the card has been purchased. The obvious worry is that an over 18s can go around to other shops to buy several cards to pass on to their under 18 mates. Another possibility is that kids could stumble on their parent's card and get access. Numbers shared on the web could be easily blocked if used simultaneously from different IP addresses.

 

 

Pornhub blows a raspberry at the BBFC...

And introduces a free VPN to short circuit UK porn censorship


Link Here 25th May 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Pornhub, the dominant force amongst the world's porn websites, has sent a challenge to the BBFC's porn censorship regime by offering a free workaround to any porn viewer who would prefer to hide their tracks rather then open themselves up to the dangers of offering up their personal ID to age verifiers.

And rather bizarrely Pornhub are one of the companies offering age verification services to  porn sites who want to comply with UK age verification requirements.

Pornhub describes its VPN service with references to UK censorship:

Browse all websites anonymously and without restrictions.

VPNhub helps you bypass censorship while providing secure and private access to Internet. Access all of your favorite websites without fear of being monitored.

Hide your information and surf the Internet without a trace.

Enjoy the pleasure of protection with VPNhub. With full data encryption and guaranteed anonymity, go with the most trusted VPN to protect your privacy anywhere in the world.

Free and Unlimited

Enjoy totally free and unlimited bandwidth on your device of choice.

 

 

Offsite Article: UK push for porn passes raises privacy and data concerns...


Link Here 28th May 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Age verification requirement has raised fears about privacy, and concerns that independent providers will suffer disproportionately.

See article from wikitribune.com

 

 

Healthy scepticism...

Pandora Blake suggests that there have been about 750 responses to its consultation on age verification requirements for porn sites


Link Here 28th May 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

Age verification has been hanging over us for several years now - and has now been put back to the end of 2018 after enforcement was originally planned to start last month.

I'm enormously encouraged by how many people took the opportunity to speak up and reply to the BBFC consultation on the new regulations .

Over 500 people submitted a response using the tool provided by the Open Rights Group , emphasising the need for age verification tech to be held to robust privacy and security standards.

I'm told that around 750 consultation responses were received by the BBFC overall, which means that a significant majority highlighted the regulatory gap between the powers of the BBFC to regulate adult websites, and the powers of the Information Commissioner to enforce data protection rules.

 

 

Whatever happened to...

The BBFC consultation on UK internet porn censorship


Link Here 17th July 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Nobody seems to have heard much about the progress of the BBFC consultation about the process to censor internet porn in the UK.

The sketchy timetable laid out so far suggests that the result of the consultation should be published prior to the Parliamentary recess scheduled for 26th July. Presumably this would provide MPs with some light reading over their summer hols ready for them to approve as soon as the hols are over.

Maybe this publication may have to be hurried along though, as pesky MPs are messing up Theresa May's plans for a non-Brexit, and she would like to send them packing a week early before they can cause trouble. ( Update 18th July . The early holidays idea has now been shelved).

The BBFC published meeting minutes this week that mentions the consultation:

The public consultation on the draft Guidance on Age Verification Arrangements and the draft Guidance on Ancillary Service Providers closed on 23 April. The BBFC received 620 responses, 40 from organisations and 580 from individuals. Many of the individual responses were encouraged by a campaign organised by the Open Rights Group.

Our proposed response to the consultation will be circulated to the Board before being sent to DCMS on 21 May.

So assuming that the response was sent to the government on the appointed day then someone has been sitting on the results for quite a long time now.

Meanwhile its good to see that people are still thinking about the monstrosity that is coming our way. Ethical porn producer Erica Lust has been speaking to News Internationalist. She comments on the way the new law will compound MindGeek's monopolitistc dominance of the online porn market:

The age verification laws are going to disproportionately affect smaller low-traffic sites and independent sex workers who cannot cover the costs of installing age verification tools.

It will also impact smaller sites by giving MindGeek even more dominance in the adult industry. This is because the BBFC draft guidance does not enforce sites to offer more than one age verification product. So, all of MindGeeks sites (again, 90% of the mainstream porn sites) will only offer their own product; Age ID. The BBFC have also stated that users do not have to verify their age on each visit if access is restricted by password or a personal ID number. So users visiting a MindGeek site will only have to verify their age once using AgeID and then will be able to login to any complying site without having to verify again. Therefore, viewers will be less likely to visit competitor sites not using the AgeID technology, and simultaneously competitor sites will feel pressured to use AgeID to protect themselves from losing viewers.

...Read the full  article from newint.org

 

 

BBFC: Age Verification We Don't Trust...

BBFC boss writes a 'won't somebody think of the children' campaigning piece in support of the upcoming porn censorship law, disgracefully from behind a paywall


Link Here 22nd July 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
David Austin as penned what looks like an official BBFC campaigning piece trying to drum up support for the upcoming internet porn censorship regime. Disgracefully the article is hidden behind a paywall and is restricted to Telegraph paying subscribers.

Are children protected by endangering their parents or their marriage?

The article is very much a one sided piece, focusing almost entirely on the harms to children. It says nothing about the extraordinary dangers faced by adults when handing over personal identifying data to internet companies. Not a word about the dangers of being blackmailed, scammed or simply outed to employers, communities or wives, where the standard punishment for a trivial transgression of PC rules is the sack or divorce.

Austin speaks of the scale of the internet business and the scope of the expected changes. He writes:

There are around five million pornographic websites across the globe. Most of them have no effective means of stopping children coming across their content. It's no great surprise, therefore, that Government statistics show that 1.4 million children in the UK visited one of these websites in one month.

...

The BBFC will be looking for a step change in the behaviour of the adult industry. We have been working with the industry to ensure that many websites carry age-verification when the law comes into force.

...

Millions of British adults watch pornography online. So age-verification will have a wide reach. But it's not new. It's been a requirement for many years for age-restricted goods and services, including some UK hosted pornographic material.

I guess at this last point readers will be saying I never knew that. I've never come across age verification ever before. But the point here is these previous rules devastated the British online porn industry and the reason people don't ever come across it, is that there are barely any British sites left.

Are children being protected by impoverishing their parents?

Not that any proponents of age verification could care less about British people being able to make money. Inevitably the new age verification will further compound the foreign corporate monopoly control on yet another internet industry.

Having lorded over a regime that threatens to devastate lives, careers and livelihoods, Austin ironically notes that it probably won't work anyway:

The law is not a silver bullet. Determined, tech-savvy teenagers may find ways around the controls, and not all pornography online will be age-restricted. For example, the new law does not require pornography on social media platforms to be placed behind age-verification controls.

 

 

Unfinished business...

Open Rights Group comments on the missed milestone of publishing final age verification guidelines before Parliament's summer recess


Link Here 5th August 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

MPs left behind unfinished business when they broke for summer recess, and we aren't talking about Brexit negotiations. The rollout of mandatory age verification (AV) technology for adult websites is being held up once again while the Government mulls over final details. AV tech will create highly sensitive databases of the public's porn watching habits, and Open Rights Groups submitted a report warning the proposed privacy protections are woefully inadequate. The Government's hesitation could be a sign they are receptive to our concerns, but we expect their final guidance will still treat privacy as an afterthought. MPs need to understand what's at stake before they are asked to approve AV guidelines after summer.

AV tools will be operated by private companies, but if the technology gets hacked and the personal data of millions of British citizens is breached, the Government will be squarely to blame. By issuing weak guidelines, the Government is begging for a Cambridge Analytica-style data scandal. If this technology fails to protect user privacy, everybody loses. Businesses will be damaged (just look at Facebook), the Government will be embarrassed, and the over 20 million UK residents who view porn could have their private sexual preferences exposed. It's in everybody's interest to fix this. The draft guidance lacks even the basic privacy protections required for other digital tools like credit card payments and email services. Meanwhile, major data breaches are rocking international headlines on a regular basis. AV tech needs a dose of common sense.

 

 

Offsite Article: Time Magazine reports on the current status...


Link Here 22nd August 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The U.K. Is About To Censor Online Porn, and Free Speech Advocates Are Alarmed

See article from time.com

 

 

PortesCard...

Pornhub partners with anonymous system based on retailers verifying ages without recording ID


Link Here 8th September 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Pornhub's Age verification system AgeID has announced an exclusive partnership with OCL and its Portes solution for providing anonymous face-to-face age verification solution where retailers OK the age of customers who buy a card enabling porn access. The similar AVSecure scheme allows over 25s to buy the access card without showing any ID but may require to see unrecorded ID from those appearing less than 25.

According to the company, the PortesCard is available to purchase from selected high street retailers and any of the U.K.'s 29,000 PayPoint outlets as a voucher. Each PortesCard will cost 4.99 for use on a single device, or 8.99 for use across multiple devices. This compares with 10 for the AVSecure card.

Once a card or voucher is purchased, its unique validation code must be activated via the Portes app within 24 hours before expiring. Once the user has been verified they will automatically be granted access to all adult sites using AgeID. Maybe this 24 hour limit is something to do with an attempt to restrict secondary sales of porn access codes by ensuring that they get tied to devices almost immediately. It all sounds a little hasslesome.

As an additional layer of protection, parents can quickly and simply block access on their children's devices to sites using Portes, so PortesCards cannot be associated with AgeID.

But note that an anonymously bought card is not quite a 100% safe solution. One has to consider whether if the authorities get hold of a device whether the can then see a complete history of all websites accessed using the app or access code. One also has to consider whether someone can remotely correlate an 'anonymous' access code with all the tracking cookies holding one's id.

 

 

Campaign: ResistAV...

Pandora Blake and Myles Jack launch a new campaigning website to raise funds for a challenge to the government's upcoming internet porn censorship regime


Link Here 11th September 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

Niche porn producer, Pandora Blake, Misha Mayfair, campaigning lawyer Myles Jackman and Backlash are campaigning to back a legal challenge to the upcoming internet porn censorship regime in the UK. They write on a new ResistAV.com website:

We are mounting a legal challenge.

Do you lock your door when you watch porn 203 or do you publish a notice in the paper? The new UK age verification law means you may soon have to upload a proof of age to visit adult sites. This would connect your legal identity to a database of all your adult browsing. Join us to prevent the damage to your privacy.

The UK Government is bringing in age verification for adults who want to view adult content online; yet have failed to provide privacy and security obligations to ensure your private information is securely protected.

The law does not currently limit age verification software to only hold data provided by you just in order to verify your age. Hence, other identifying data about you could include anything from your passport information to your credit card details, up to your full search history information. This is highly sensitive data.

What are the Privacy Risks?

Data Misuse - Since age verification providers are legally permitted to collect this information, what is to stop them from increasing revenue through targeting advertising at you, or even selling your personal data?

Data Breaches - No database is perfectly secure, despite good intentions. The leaking or hacking of your sensitive personal information could be truly devastating. The Ashley Madison hack led to suicides. Don't let the Government allow your private sexual preferences be leaked into the public domain.

What are we asking money for?

We're asking you to help us crowdfund legal fees so we can challenge the new age verification rules under the Digital Economy Act 2017. We re asking for 210,000 to cover the cost of initial legal advice, since it's a complicated area of law. Ultimately, we'd like to raise even more money, so we can send a message to Government that your personal privacy is of paramount importance.

 

 

A significant number of responses raised concerns about the introduction of age-verification...

BBFC publishes its summary of the consultation repsonses


Link Here 11th October 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

BBFC Executive Summary

The British Board of Film Classification was designated as the age-verification regulator under Part 3 of the Digital Economy Act on 21 February 2018. The BBFC launched its consultation on the draft Guidance on Age-verification Arrangements and draft Guidance on Ancillary Service Providers on 26 March 2018. The consultation was available on the BBFC's website and asked for comments on the technical aspects on how the BBFC intends to approach its role and functions as the age-verification regulator. The consultation ran for 4 weeks and closed on 23 April 2018, although late submissions were accepted until 8 May 2018.

There were a total of 624 responses to the consultation. The vast majority of those (584) were submitted by individuals, with 40 submitted by organisations. 623 responses were received via email, and one was received by post. Where express consent has been given for their publication, the BBFC has published responses in a separate document. Response summaries from key stakeholders are in part 4 of this document.

Responses from stakeholders such as children's charities, age-verification providers and internet service providers were broadly supportive of the BBFC's approach and age-verification standards. Some responses from these groups asked for clarification to some points. The BBFC has made a number of amendments to the guidance as a result. These are outlined in chapter 2 of this document. Responses to questions raised are covered in chapter 3 of this document.

A significant number of responses, particularly from individuals and campaign groups, raised concerns about the introduction of age-verification, and set out objections to the legislation and regulatory regime in principle. Issues included infringement of freedom of expression, censorship, problematic enforcement powers and an unmanageable scale of operation. The government's consultation on age-verification in 2016 addressed many of these issues of principle. More information about why age-verification has been introduced, and the considerations given to the regulatory framework and enforcement powers can be found in the 2016 consultation response by the Department for Digital Culture Media and Sport1.

 

 

The new UK porn censor lays out its stall...

The BBFC launches a new website


Link Here 11th October 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
There's loads of new information today about the upcoming internet porn censorship regime to be coordinated by the BBFC.

The BBFC has launched a new website, ageverificationregulator.com , perhaps to distance itself a bit from its film censorship work.

The BBFC has made a few changes to its approach since the rather ropey document published prior to the BBFC's public consultation. In general the BBFC seems a little more pragmatic about trying to get adult porn users to buy into the age verification way of thinking. The BBFC seems supportive of the anonymously bought porn access card from the local store, and has taken a strong stance against age verification providers who reprehensibly want to record people's porn browsing, claiming a need to provide an audit trail.

The BBFC has also decided to offer a service to certify age verification providers in the way that they protect people's data. This is again probably targeted at making adult porn users a bit more confident in handing over ID.

The BBFC tone is a little bit more acknowledging of people's privacy concerns, but it's the government's law being implemented by the BBFC, that allows the recipients of the data to use it more or less how they like. Once you tick the 'take it or leave it' consent box allowing the AV provider 'to make your user experience better' then they can do what they like with your data (although GDPR does kindly let you later withdraw that consent and see what they have got on you).

Another theme that runs through the site is a rather ironic acceptance that, for all the devastation that will befall the UK porn industry, for all the lives ruined by people having their porn viewing outed, for all the lives ruined by fraud and identity theft, that somehow the regime is only about stopping young children 'stumbling on porn'... because the older, more determined, children will still know how to find it anyway.

So the BBFC has laid out its stall, and its a little more conciliatory to porn users, but I for one will never hand over any ID data to anyone connected with a servicing porn websites. I suspect that many others will feel the same. If you can't trust the biggest companies in the business with your data, what hope is there for anyone else.

There's no word yet on when all this will come into force, but the schedule seems to be 3 months after the BBFC scheme has been approved by Parliament. This approval seems scheduled to be debated in Parliament in early November, eg on 5th November there will be a House of Lords session:

Implementation by the British Board of Film Classification of age-verifications to prevent children accessing pornographic websites 203 Baroness Benjamin Oral questions

So the earliest it could come into force is about mid February.

 

 

Preventing children and non human operators from being able to access porn...

BBFC publishes its sometimes bizarre Guidance on Age-verification Arrangement


Link Here 11th October 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

The BBFC has published its Age Verification Guidance document that will underipin the implementation of internet porn censorship in the UK.

Perhaps a key section is:

5. The criteria against which the BBFC will assess that an age-verification arrangement meets the requirement under section 14(1) to secure that pornographic material is not normally accessible by those under 18 are set out below:

a. an effective control mechanism at the point of registration or access to pornographic content by the end-user which verifies that the user is aged 18 or over at the point of registration or access

b use of age-verification data that cannot be reasonably known by another person, without theft or fraudulent use of data or identification documents nor readily obtained or predicted by another person

c. a requirement that either a user age-verify each visit or access is restricted by controls, manual or electronic, such as, but not limited to, password or personal identification numbers. A consumer must be logged out by default unless they positively opt-in for their log in information to be remembered

d. the inclusion of measures which authenticate age-verification data and measures which are effective at preventing use by non-human operators including algorithms

It is fascinating as to why the BBFC feels that bots need to be banned, perhaps they need to be 18 years old too, before they can access porn. I am not sure if porn sites will appreciate Goggle-bot being banned from their sites. I love the idea that the word 'algorithms' has been elevated to some sort of living entity.

It all smacks of being written by people who don't know what they are talking about.

In a quick read I thought the following paragraph was important:

9. In the interests of data minimisation and data protection, the BBFC does not require that age-verification arrangements maintain data for the purposes of providing an audit trail in order to meet the requirements of the act.

It rather suggests that the BBFC pragmatically accept that convenience and buy-in from porn-users is more important than making life dangerous for everybody, just n case a few teenagers get hold of an access code.

 

 

Paying for unsafe legislation...

The Government picks up the tab for legal liabilities arising from the BBFC being sued over age verification issues


Link Here 12th October 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
As far as I can see if a porn website verifies your age with personal data, it will probably also require you tick tick a consent box with a hol load of small print that nobody ever reads. Now if that small print lets it forward all personal data, coupled with porn viewing data, to the Kremlin's dirty tricks and blackmail department then that's ok with the the Government's age verification law. So for sure some porn viewers are going to get burnt because of what the government has legislated and because of what the BBFC have implemented.

So perhaps it is not surprising that the BBFC has asked the government to pick up the tab should the BBFC be sued by people harmed by their decisions. After all it was the government who set up the unsafe environment, not the BBFC.

Margot James The Minister of State, Department for Culture, Media and Sport announced in Parliament:

I am today laying a Departmental Minute to advise that the Department for Digital, Culture, Media and Sport (DCMS) has received approval from Her Majesty's Treasury (HMT) to recognise a new Contingent Liability which will come into effect when age verification powers under Part 3 of the Digital Economy Act 2017 enter force.

The contingent liability will provide indemnity to the British Board of Film Classification (BBFC) against legal proceedings brought against the BBFC in its role as the age verification regulator for online pornography.

As you know, the Digital Economy Act introduces the requirement for commercial providers of online pornography to have robust age verification controls to protect children and young people under 18 from exposure to online pornography. As the designated age verification regulator, the BBFC will have extensive powers to take enforcement action against non-compliant sites. The BBFC can issue civil proceedings, give notice to payment-service providers or ancillary service providers, or direct internet service providers to block access to websites where a provider of online pornography remains non-compliant.

The BBFC expects a high level of voluntary compliance by providers of online pornography. To encourage compliance, the BBFC has engaged with industry, charities and undertaken a public consultation on its regulatory approach. Furthermore, the BBFC will ensure that it takes a proportionate approach to enforcement and will maintain arrangements for an appeals process to be overseen by an independent appeals body. This will help reduce the risk of potential legal action against the BBFC.

However, despite the effective work with industry, charities and the public to promote and encourage compliance, this is a new law and there nevertheless remains a risk that the BBFC will be exposed to legal challenge on the basis of decisions taken as the age verification regulator or on grounds of principle from those opposed to the policy.

As this is a new policy, it is not possible to quantify accurately the value of such risks. The Government estimates a realistic risk range to be between 21m - 210m in the first year, based on likely number and scale of legal challenges. The BBFC investigated options to procure commercial insurance but failed to do so given difficulties in accurately determining the size of potential risks. The Government therefore will ensure that the BBFC is protected against any legal action brought against the BBFC as a result of carrying out duties as the age verification regulator.

The Contingent Liability is required to be in place for the duration of the period the BBFC remain the age verification regulator. However, we expect the likelihood of the Contingent Liability being called upon to diminish over time as the regime settles in and relevant industries become accustomed to it. If the liability is called upon, provision for any payment will be sought through the normal Supply procedure.

It is usual to allow a period of 14 Sitting Days prior to accepting a Contingent Liability, to provide Members of Parliament an opportunity to raise any objections.

 

 

Not taking censorship lying down...

MoneySupermarket survey finds that 25% of customers will take action if their porn is blocked


Link Here 16th October 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
In a survey more about net neutrality than porn censorship, MoneySupermarket noted:

We conducted a survey of over 2,000 Brits on this and it seems that if an ISP decided to block sites, it could result in increasing numbers of Brits switching - 64 per cent of Brits would be likely to switch ISP if they put blocks in place

In reality, this means millions could be considering a switch as nearly six million having tried to access a site that was blocked in the last week - nearly one in 10 across the country.

It's an issue even more pertinent for those aged 18 to 34, with nearly half (45 per cent) having tried to access a site that was blocked at some point.

While ISPs might block sites for various reasons, a quarter of Brits said they would switch ISP if they were blocked from viewing adult sites - with those living with partners the most likely to do so!

Now switching ISPs isn't going to help much if the BBFC, the government appointed porn censor, has dictated that all ISPs block porn sites. But maybe these 25% of internet users will take up alternatives such as subscribing to a VPN service.

 

 

Offsite Article: Millions of porn videos will not be blocked by UK online age checks...


Link Here 21st October 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The government makes changes such that image hosting sites, not identifying as porn sites, do not need age verification for porn images they carry

See article from theguardian.com

 

 

BBFC: Age verification we don't trust...

Analysis of BBFC's Post-Consultation Guidance by the Open Rights Group


Link Here 8th November 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Following the conclusion of their consultation period, the BBFC have issued new age verification guidance that has been laid before Parliament. It is unclear why, if the government now recognises that privacy protections like this are needed, the government would also leave the requirements as voluntary.

Summary

The new code has some important improvements, notably the introduction of a voluntary scheme for privacy, close to or based on a GDPR Code of Conduct. This is a good idea, but should not be put in place as a voluntary arrangement. Companies may not want the attention of a regulator, or may simply wish to apply lower or different standards, and ignore it. It is unclear why, if the government now recognises that privacy protections like this are needed, the government would also leave the requirements as voluntary.

We are also concerned that the voluntary scheme may not be up and running before the AV requirement is put in place. Given that 25 million UK adults are expected to sign up to these products within a few months of its launch, this would be very unhelpful.

Parliament should now:

  • Ask the government why the privacy scheme is to be voluntary, if the risks of relying on general data protection law are now recognised;
  • Ask for assurance from BBFC that the voluntary scheme will cover the all of the major operators; and
  • Ask for assurance from BBFC and DCMS that the voluntary privacy scheme will be up and running before obliging operators to put Age Verification measures in place.

The draft code can be found here .

Lack of Enforceability of Guidance

The Digital Economy Act does not allow the BBFC to judge age verification tools by any standard other than whether or not they sufficiently verify age. We asked that the BBFC persuade the DCMS that statutory requirements for privacy and security were required for age verification tools.

The BBFC have clearly acknowledged privacy and security concerns with age verification in their response. However, the BBFC indicate in their response that they have been working with the ICO and DCMS to create a voluntary certification scheme for age verification providers:

"This voluntary certification scheme will mean that age-verification providers may choose to be independently audited by a third party and then certified by the Age-verification Regulator. The third party's audit will include an assessment of an age-verification solution's compliance with strict privacy and data security requirements."

The lack of a requirement for additional and specific privacy regulation in the Digital Economy Act is the cause for this voluntary approach.

While a voluntary scheme above is likely to be of some assistance in promoting better standards among age verification providers, the "strict privacy and data security requirements" which the voluntary scheme mentions are not a statutory requirement, leaving some consumers at greater risk than others.

Sensitive Personal Data

The data handled by age verification systems is sensitive personal data. Age verification services must directly identify users in order to accurately verify age. Users will be viewing pornographic content, and the data about what specific content a user views is highly personal and sensitive. This has potentially disastrous consequences for individuals and families if the data is lost, leaked, or stolen.

Following a hack affecting Ashley Madison -- a dating website for extramarital affairs -- a number of the site's users were driven to suicide as a result of the public exposure of their sexual activities and interests.

For the purposes of GDPR, data handled by age verification systems falls under the criteria for sensitive personal data, as it amounts to "data concerning a natural person's sex life or sexual orientation".

Scheduling Concerns

It is of critical importance that any accreditation scheme for age verification providers, or GDPR code of conduct if one is established, is in place and functional before enforcement of the age verification provisions in the Digital Economy Act commences. All of the major providers who are expected to dominate the age verification market should undergo their audit under the scheme before consumers will be expected to use the tool. This is especially true when considering the fact that MindGeek have indicated their expectation that 20-25 million UK adults will sign up to their tool within the first few months of operation. A voluntary accreditation scheme that begins enforcement after all these people have already signed up would be unhelpful.

Consumers should be empowered to make informed decisions about the age verification tools that they choose from the very first day of enforcement. No delays are acceptable if users are expected to rely upon the scheme to inform themselves about the safety of their data. If this cannot be achieved prior to the start of expected enforcement of the DE Act's provisions, then the planned date for enforcement should be moved back to allow for the accreditation to be completed.

Issues with Lack of Consumer Choice

It is of vital importance that consumers, if they must verify their age, are given a choice of age verification providers when visiting a site. This enables users to choose which provider they trust with their highly sensitive age verification data and prevents one actor from dominating the market and thereby promoting detrimental practices with data. The BBFC also acknowledge the importance of this in their guidance, noting in 3.8:

"Although not a requirement under section 14(1) the BBFC recommends that online commercial pornography services offer a choice of age-verification methods for the end-user".

This does not go far enough to acknowledge the potential issues that may arise in a fragmented market where pornographic sites are free to offer only a single tool if they desire.

Without a statutory requirement for sites to offer all appropriate and available tools for age verification and log in purposes, it is likely that a market will be established in which one or two tools dominate. Smaller sites will then be forced to adopt these dominant tools as well, to avoid friction with consumers who would otherwise be required to sign up to a new provider.

This kind of market for age verification tools will provide little room for a smaller provider with a greater commitment to privacy or security to survive and robs users of the ability to choose who they trust with their data.

We already called for it to be made a statutory requirement that pornographic sites must offer a choice of providers to consumers who must age verify, however this suggestion has not been taken up.

We note that the BBFC has been working with the ICO and DCMS to produce a voluntary code of conduct. Perhaps a potential alternative solution would be to ensure that a site is only considered compliant if it offers users a number of tools which has been accredited under the additional privacy and security requirements of the voluntary scheme.

GDPR Codes of Conduct

A GDPR "Code of Conduct" is a mechanism for providing guidelines to organisations who process data in particular ways, and allows them to demonstrate compliance with the requirements of the GDPR.

A code of conduct is voluntary, but compliance is continually monitored by an appropriate body who are accredited by a supervisory authority. In this case, the "accredited body" would likely be the BBFC, and the "supervisory authority" would be the ICO. The code of conduct allows for certifications, seals and marks which indicate clearly to consumers that a service or product complies with the code.

Codes of conduct are expected to provide more specific guidance on exactly how data may be processed or stored. In the case of age verification data, the code could contain stipulations on:

  • Appropriate pseudonymisation of stored data;
  • Data and metadata retention periods;
  • Data minimisation recommendations;
  • Appropriate security measures for data storage;
  • Security breach notification procedures;
  • Re-use of data for other purposes.

The BBFC's proposed "voluntary standard" regime appears to be similar to a GDPR code of conduct, though it remains to be seen how specific the stipulations in the BBFC's standard are. A code of conduct would also involve being entered into the ICO's public register of UK approved codes of conduct, and the EPDB's public register for all codes of conduct in the EU.

Similarly, GDPR Recital 99 notes that "relevant stakeholders, including data subjects" should be consulted during the drafting period of a code of conduct - a requirement which is not in place for the BBFC's voluntary scheme.

It is possible that the BBFC have opted to create this voluntary scheme for age verification providers rather than use a code of conduct, because they felt they may not meet the GDPR requirements to be considered as an appropriate body to monitor compliance. Compliance must be monitored by a body who has demonstrated:

  • Their expertise in relation to the subject-matter;
  • They have established procedures to assess the ability of data processors to apply the code of conduct;
  • They have the ability to deal with complaints about infringements; and
  • Their tasks do not amount to a conflict of interest.
Parties Involved in the Code of Conduct Process

As noted by GDPR Recital 99, a consultation should be a public process which involves stakeholders and data subjects, and their responses should be taken into account during the drafting period:

"When drawing up a code of conduct, or when amending or extending such a code, associations and other bodies representing categories of controllers or processors should consult relevant stakeholders, including data subjects where feasible , and have regard to submissions received and views expressed in response to such consultations."

The code of conduct must be approved by a relevant supervisory authority (in this case the ICO).

An accredited body (BBFC) that establishes a code of conduct and monitors compliance is able to establish their own structures and procedures under GDPR Article 41 to handle complaints regarding infringements of the code, or regarding the way it has been implemented. BBFC would be liable for failures to regulate the code properly under Article 41(4), [1] however DCMS appear to have accepted the principle that the government would need to protect BBFC from such liabilities. [2]

GDPR Codes of Conduct and Risk Management

Below is a table of risks created by age verification which we identified during the consultation process. For each risk, we have considered whether a GDPR code of conduct may help to mitigate the effects of it.

Risk CoC Appropriate? Details
User identity may be correlated with viewed content. Partially This risk can never be entirely mitigated if AV is to go ahead, but a CoC could contain very strict restrictions on what identifying data could be stored after a successful age verification.
Identity may be associated to an IP address, location or device. No It would be very difficult for a CoC to mitigate this risk as the only safe mitigation would be not to collect user identity information.
An age verification provider could track users across all the websites it's tool is offered on. Yes Strict rules could be put in place about what data an age verification provider may store, and what data it is forbidden from storing.
Users may be incentivised to consent to further processing of their data in exchange for rewards (content, discounts etc.) Yes Age verification tools could be expressly forbidden from offering anything in exchange for user consent.
Leaked data creates major risks for identified individuals and cannot be revoked or adequately compensated for. Partially A CoC can never fully mitigate this risk if any data is being collected, but it could contain strict prohibitions on storing certain information and specify retention periods after which data must be destroyed, which may mitigate the impacts of a data breach.
Risks to the user of access via shared computers if viewing history is stored alongside age verification data. Yes A CoC could specify that any accounts for pornographic websites which may track viewed content must be strictly separate and not in any visible way linked to a user's age verification account or data that confirms their identity.
Age verification systems are likely to trade off convenience for security. (No 2FA, auto-login, etc.) Yes A CoC could stipulate that login cookies that "remember" a returning user must only persist for a short time period, and should recommend or enforce two-factor authentication.
The need to re-login to age verification services to access pornography in "private browsing" mode may lead people to avoid using this feature and generate much more data which is then stored. No A CoC cannot fix this issue. Private browsing by nature will not store any login cookies or other objects and will require the user to re-authenticate with age verification providers every time they wish to view adult content.
Users may turn to alternative tools to avoid age verification, which carry their own security risks. (Especially "free" VPN services or peer-to-peer networks). No Many UK adults, although over 18, will be uncomfortable with the need to submit identity documents to verify their age and will seek alternative means to access content. It is unlikely that many of these individuals will be persuaded by an accreditation under a GDPR code.
Age verification login details may be traded and shared among teenagers or younger children, which could lead to bullying or "outing" if such details are linked to viewed content. Yes Strict rules could be put in place about what data an age verification provider may store, and what data it is forbidden from storing.
Child abusers could use their access to age verified content as an adult as leverage to create and exploit relationships with children and teenagers seeking access to such content (grooming). No This risk will exist as long as age verification is providing a successful barrier to accessing such content for under-18s who wish to do so.
The sensitivity of content dealt with by age verification services means that users who fall victim to phishing scams or fraud have a lower propensity to report it to the relevant authorities. Partially A CoC or education campaign may help consumers identify trustworthy services, but it can not fix the core issue, which is that users are being socialised into it being "normal" to input their identity details into websites in exchange for pornography. Phishing scams resulting from age verification will appear and will be common, and the sensitivity of the content involved is a disincentive to reporting it.
The use of credit cards as an age verification mechanism creates an opportunity for fraudulent sites to engage in credit card theft. No Phishing and fraud will be common. A code of conduct which lists compliant sites and tools externally on the ICO website may be useful, but a phishing site may simply pretend to be another (compliant) tool, or rely on the fact that users are unlikely to check with the ICO every time they wish to view pornographic content.
The rush to get age verification tools to market means they may take significant shortcuts when it comes to privacy and security. Yes A CoC could assist in solving this issue if tools are given time to be assessed for compliance before the age verification regime commences .
A single age verification provider may come to dominate the market, leaving users little choice but to accept whatever terms the provider offers. Partially Practically, a CoC could mitigate some of the effects of an age verification tool monopoly if the dominant tool is accredited under the Code. However, this relies on users being empowered to demand compliance with a CoC, and it is possible that users will instead be left with a "take it or leave it" situation where the dominant tool is not CoC accredited.
Allowing pornography "monopolies" such as MindGeek to operate age verification tools is a conflict of interest. Partially As the BBFC note in their consultation response, it would not be reasonable to prohibit a pornographic content provider from running an age verification service as it would prevent any site from running their own tool. However, under a CoC it is possible that a degree of separation could be enforced that requires an age verification tools to adhere to strict rules about the use of data, which could mitigate the effects of a large pornographic content provider attempting to collect as much user data as possible for their own business purposes.
 

[1] "Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: the obligations of the monitoring body pursuant to Article 41(4)."

[2] "contingent liability will provide indemnity to the British Board of Film Classification (BBFC) against legal proceedings brought against the BBFC in its role as the age verification regulator for online pornography."

 

 

Fireworks in the House...

The Lords discuss when age verification internet censorship will start


Link Here 13th November 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

Pornographic Websites: Age Verification - Question

House of Lords on 5th November 2018 .

Baroness Benjamin Liberal Democrat

To ask Her Majesty 's Government what will be the commencement date for their plans to ensure that age-verification to prevent children accessing pornographic websites is implemented by the British Board of Film Classification .

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

My Lords, we are now in the final stages of the process, and we have laid the BBFC 's draft guidance and the Online Pornography (Commercial Basis) Regulations before Parliament for approval. We will ensure that there is a sufficient period following parliamentary approval for the public and the industry to prepare for age verification. Once parliamentary proceedings have concluded, we will set a date by which commercial pornography websites will need to be compliant, following an implementation window. We expect that this date will be early in the new year.

Baroness Benjamin

I thank the Minister for his Answer. I cannot wait for that date to happen, but does he share my disgust and horror that social media companies such as Twitter state that their minimum age for membership is 13 yet make no attempt to restrict some of the most gross forms of pornography being exchanged via their platforms? Unfortunately, the Digital Economy Act does not affect these companies because they are not predominantly commercial porn publishers. Does he agree that the BBFC needs to develop mechanisms to evaluate the effectiveness of the legislation for restricting children's access to pornography via social media sites and put a stop to this unacceptable behaviour?

Lord Ashton of Hyde

My Lords, I agree that there are areas of concern on social media sites. As the noble Baroness rightly says, they are not covered by the Digital Economy Act . We had many hours of discussion about that in this House. However, she will be aware that we are producing an online harms White Paper in the winter in which some of these issues will be considered. If necessary, legislation will be brought forward to address these, and not only these but other harms too. I agree that the BBFC should find out about the effectiveness of the limited amount that age verification can do; it will commission research on that. Also, the Digital Economy Act itself made sure that the Secretary of State must review its effectiveness within 12 to 18 months.

Lord Griffiths of Burry Port Opposition Whip (Lords), Shadow Spokesperson (Digital, Culture, Media and Sport), Shadow Spokesperson (Wales)

My Lords, once again I find this issue raising a dynamic that we became familiar with in the only too recent past. The Government are to be congratulated on getting the Act on to the statute book and, indeed, on taking measures to identify a regulator as well as to indicate that secondary legislation will be brought forward to implement a number of the provisions of the Act. My worry is that, under one section of the Digital Economy Act , financial penalties can be imposed on those who infringe this need; the Government seem to have decided not to bring that provision into force at this time. I believe I can anticipate the Minister 's answer but--in view of the little drama we had last week over fixed-odds betting machines--we would not want the Government, having won our applause in this way, to slip back into putting things off or modifying things away from the position that we had all agreed we wanted.

Lord Ashton of Hyde

My Lords, I completely understand where the noble Lord is coming from but what he said is not quite right. The Digital Economy Act included a power that the Government could bring enforcement with financial penalties through a regulator. However, they decided--and this House decided--not to use that for the time being. For the moment, the regulator will act in a different way. But later on, if necessary, the Secretary of State could exercise that power. On timing and FOBTs, we thought carefully--as noble Lords can imagine--before we said that we expect the date will be early in the new year,

Lord Addington Liberal Democrat

My Lords, does the Minister agree that good health and sex education might be a way to counter some of the damaging effects? Can the Government make sure that is in place as soon as possible, so that this strange fantasy world is made slightly more real?

Lord Ashton of Hyde

The noble Lord is of course right that age verification itself is not the only answer. It does not cover every possibility of getting on to a pornography site. However, it is the first attempt of its kind in the world, which is why not only we but many other countries are looking at it. I agree that sex education in schools is very important and I believe it is being brought into the national curriculum already.

The Earl of Erroll Crossbench

Why is there so much wriggle room in section 6 of the guidance from the DCMS to the AV regulator? The ISP blocking probably will not work, because everyone will just get out of it. If we bring this into disrepute then the good guys, who would like to comply, probably will not; they will not be able to do so economically. All that was covered in British Standard PAS 1296, which was developed over three years. It seems to have been totally ignored by the DCMS. You have spent an awful lot of time getting there, but you have not got there.

Lord Ashton of Hyde

One of the reasons this has taken so long is that it is complicated. We in the DCMS , and many others, not least in this House, have spent a long time discussing the best way of achieving this. I am not immediately familiar with exactly what section 6 says, but when the statutory instrument comes before this House--it is an affirmative one to be discussed--I will have the answer ready for the noble Earl.

Lord West of Spithead Labour

My Lords, does the Minister not agree that the possession of a biometric card by the population would make the implementation of things such as this very much easier?

Lord Ashton of Hyde

In some ways it would, but there are problems with people who either do not want to or cannot have biometric cards.

 

 

Offsite Article: Online porn filters will never work...


Link Here 26th November 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Beyond the massive technical challenge, filters are a lazy alternative to effective sex education. By Lux Alptraum

See article from theverge.com

 

 

BBFC: Age Verification We Don't Trust...

The government's age verification scheme which leaves people's sensitive sexual preferences unprotected by law is to be presented for approval by the House of Lords


Link Here 10th December 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The following four motions are expected to be debated together in the House of Lords on 11th December 2018:

Online Pornography (Commercial Basis) Regulations 2018

Lord Ashton of Hyde to move that the draft Regulations laid before the House on 10 October be approved. Special attention drawn to the instrument by the Joint Committee on Statutory Instruments, 38th Report, 4th Report from the Secondary Legislation Scrutiny Committee (Sub-Committee B)

Guidance on Age-verification Arrangements

Lord Ashton of Hyde to move that the draft Guidance laid before the House on 25 October be approved. Special attention drawn to the instrument by the Joint Committee on Statutory Instruments, 39th Report, 4th Report from the Secondary Legislation Scrutiny Committee (Sub-Committee B)

Lord Stevenson of Balmacara to move that this House regrets that the draft Online Pornography (Commercial Basis) Regulations 2018 and the draft Guidance on Age-verification Arrangements do not bring into force section 19 of the Digital Economy Act 2017, which would have given the regulator powers to impose a financial penalty on persons who have not complied with their instructions to require that they have in place an age verification system which is fit for purpose and effectively managed so as to ensure that commercial pornographic material online will not normally be accessible by persons under the age of 18.

Guidance on Ancillary Service Providers

Lord Ashton of Hyde to move that the draft Guidance laid before the House on 25 October be approved. Special attention drawn to the instrument by the Joint Committee on Statutory Instruments, 39th Report, 4th Report from the Secondary Legislation Scrutiny Committee (Sub-Committee B)

The DCMS and BBFC age verification scheme has been widely panned as fundamentally the law provides no requirement to actually protect people's identity data that can be coupled with their sexual preferences and sexuality. The scheme only offers voluntary suggestions that age verification services and websites should protect their user's privacy. But one only has to look to Google, Facebook and Cambridge Analytica to see how worthless mere advice is. GDPR is often quoted but that only requires that user consent is obtained. One will have to simply to the consent to the 'improved user experience' tick box to watch the porn, and thereafter the companies can do what the fuck they like with the data.

See criticism of the scheme:

Security expert provides a detailed break down of the privacy and security failures of the age verification scheme

Parliamentary scrutiny committee condemns BBFC Age Verification Guidelines

Parliamentary scrutiny committee condemns as 'defective' a DCMS Statutory Instrument excusing Twitter and Google images from age verification.

 

 

BBFC age verification we don't trust...

The upcoming porn censorship regime has been approved by the Lords


Link Here 14th December 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

On Tuesday the House of Lords approved the BBFC's scheme to implement internet porn censorship in the UK. Approval will now be sought from the House of Commons.

The debate in the Lords mentioned a few issues in passing but they seemed to be avoiding taking about some of the horrors of the scheme.

The Digital Economy Act defining the law behind the scheme offers no legal requirement for age verification providers to restrict how they can use porn viewers data. Lords mentioned that it is protected under the GDPR rules but these rules still let companies do whatever they like with data, just with the proviso that they ask for consent. But of course the consent is pretty mandatory to sign up for age verification, and some of the biggest internet companies in the world have set the precedent they can explain wide ranging usage of the data claiming it will be used say to improve customer experience.

Even if the lords didn't push very hard, people at the DCMS or BBFC have been considering this deficiency, and have come up with the idea that data use should be voluntarily restricted according to a kite mark scheme. Age verification schemes will have their privacy protections audited by some independent group and if they pass they can display a gold star. Porn viewers are then expected to trust age verification schemes with a gold star. But unfortunately it sounds a little like the sort of process that decided that cladding was safe for high rise blocks of flats.

The lords were much more concerned about the age verification requirements for social media and search engines, notably Twitter and Google Images. Clearly age verification schemes required for checking that users are 13 or 18 will be very different from an 18 only check, and will be technically very different. So the Government explained that these wider issues will be addressed in a new censorship white paper to be published in 2019.

The lords were also a bit perturbed that the definition of banned material wasn't wide enough for their own preferences. Under the current scheme the BBFC will be expected to ban totally any websites with child porn or extreme porn. The lords wondered why this wasn't extended to cartoon porn and beyond R18 porn, presumably thinking of fisting, golden showers and the like. However in reality if the definition of bannable porn was extended, then every major porn website in the word would have to be banned by the BBFC. And anyway the government is changing its censorship rules such that fisting and golden showers are, or will soon be, allowable at R18 anyway.

The debate revealed that the banks and payment providers have already agreed to ban payments to websites banned by the BBFC. The government also confirmed its intention to get the scheme up and running by April. Saying that, it would seem a little unfair for the website's 3 month implementation period to be set running before their age verification options are accredited with their gold stars. Otherwise some websites would waste time and money implementing schemes that may later be declared unacceptable.

Next a motion to approve draft legislation over the UK's age-verification regulations will be debated in the House of Commons. Stephen Winyard, AVSecure s chief marketing officer, told XBIZ:

We are particularly pleased that the prime minister is set to approve the draft guidance for the age-verification law on Monday. From this, the Department for Digital, Culture, Media and Sport will issue the effective start date and that will be around Easter.

But maybe the prime minister has a few more urgent issues on her mind at the moment.

 

 

A censorship agenda...

MPs nod through the BBFC internet porn censorship guidelines


Link Here 19th December 2018
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The House of Commons approved the upcoming internet porn censorship scheme to be implemented by the BBFC from about Easter 2019.

The debate was set for 3 sections to approve each of the 3 documents defining the BBFC censorship guidelines. Each was allotted 90 minutes for a detailed debate on how the BBFC would proceed. However following a Brexit debate the debate was curtailed to a single 90 minute session covering all 3 sections.

It didn't matter much as the debate consisted only of MPs with a feminist agenda saying how the scope of the censorship didn't go far enough. Even the government spokeswoman leading the debate didn't understand why the rules didn't go further in extending sites being censored to social media; and why the range of porn to be banned outright wasn't more extensive.

Hardly a word said was relevant to the topic of examining the BBFC guidelines.  Issues of practicality, privacy, the endangerment of porn viewers from fraud, outing and blackmail are clearly of no interest to MPs.

The MPs duly nodded their approval of the BBFC regime and so it will soon be announced when the censorship will commence.

The age verification service provider was quick to follow up with a press release extolling the virtues of its porn viewing card approach. Several newspapers obliging published articles using it, eg  See  Porn sites 'will all require proof of age from April 2019' -- here's how it'll work from metro.co.uk

 

 

The dangers lurking behind age verification schemes...

UK internet porn censorship marches on with the publication of a new law supporting age verification


Link Here 11th January 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The government has published Online Pornography (Commercial Basis) Regulations 2019 which defines which websites get caught up in upcoming internet porn censorship requirements and how social media websites are excused from the censorship.

These new laws will come into force on the day that subsection (1) of section 14 of the Digital Economy Act 2017 comes fully into force. This is the section that introduces porn censorship and age verification requirements. This date has not yet been announced but the government has promised to give at least 3 months notice.

So now websites which are more than one-third pornographic content or else those that promote themselves as pornographic will be obliged to verify the age of UK visitors under. However the law does not provide any specific protection for porn viewers' data beyond the GDPR requirements to obtain nominal consent before using the data obtained for any purpose the websites may desire.

The BBFC and ICO will initiate a voluntary kitemark scheme so that porn websites and age verification providers can be audited as holding porn browsing data and identity details responsibly. This scheme has not yet produced any audited providers so it seems a little unfair to demand that websites choose age verification technology before service providers are checked out.

It all seems extraordinarily dangerous for porn users to submit their identity to adult websites or age verification providers without any protection under law. The BBFC has offered worthless calls for these companies to handle data responsibly, but so many of the world's major website companies have proven themselves to be untrustworthy, and hackers, spammers, scammers, blackmailers and identity thieves are hardly likely to take note of the BBFC's fine words eg suggesting 'best practice' when implementing age verification.

Neil Brown, the MD of law firm decoded.legal told Sky News:

It is not clear how this age verification will be done, and whether it can be done without also have to prove identity, and there are concerns about the lack of specific privacy and security safeguards.

Even though this legislation has received quite a lot of attention, I doubt most internet users will be aware of what looks like an imminent requirement to obtain a 'porn licence' before watching pornography online.

The government's own impact assessment recognises that it is not guaranteed to succeed, and I suspect we will see an increase in advertising from providers in the near future.

It would seem particularly stupid to open one up to the dangers of have browsing and identity tracked, so surely it is time to get oneself protected with a VPN, which enables one to continue accessing porn without having to hand over identity details.

 

 

Unprotected sex...

Gay website closes as user fears of being outed via age verification makes the site too dangerous for it to be viable


Link Here 17th January 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
gaystarnews.com has published an article outlining the dangers of porn viewers submitting their identity data and browsing history to age verifiers and their websites. The article explains that the dangers for gay porn viewers are even mor pronounced that for straight viewers. The artisle illustrates this with an example:

David Bridle, the publisher of Dirty Boyz , announced in October that last month's issue of the magazine would be its last. He said:

Following the Conservative government's decision ... to press ahead with new regulations forcing websites which make money from adult content to carry an age verification system ... Dirtyboyz and its website dirtyboyz.xxx have made the decision to close.

The new age verification system will be mostly run by large adult content companies which themselves host major "Tube" style porn sites. 'It would force online readers of Dirtyboyz to publicly declare themselves.

Open Rights Group executive director, Jim Killock, told GSN the privacy of users needs protecting:

The issue with age verification systems is that they need to know it's you. This means there's a strong likelihood that it will basically track you and know what you're watching. And that's data that could be very harmful to people.

It could cause issues in relationships. Or it could see children outed to their parents. It could mean people are subjected to scams and blackmail if that data falls into criminal hands. Government response

A spokesperson for the Department of Culture, Media and Sport (DCMS) told Gay Star News:

Pornographic websites and age verification services will be subject to the UK's existing high standard of data protection legislation. The Data Protection Act 2018 provides a comprehensive and modern framework for data protection, with strong sanctions for malpractice and enforced by the Information Commissioner's Office.

But this is bollox, the likes of Facebook and Google are allowed to sell browsing data for eg targeted advertising within the remit of GDPR. And targeted advertising could be enough in itself to out porn viewers.

 

 

Unsurprising result from one side of the debate...

InternetMatters.org publishes a survey showing that 83% of parents support age verification for porn


Link Here 23rd January 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
InternetMatters.org is group funded by UK internet and telecoms companies with the aim of promoting their role in internet safety.

The group has now published a survey supporting the government's upcoming introduction of age verification requirements for porn websites. The results reveal:

  • 83% feel that commercial porn sites should demand users verify their age before they're able to access content.
  • 76% of UK parents feel there should be greater restrictions online to stop kids seeing adult content.
  • 69% of parents of children aged four to 16 say they're confident the government's new ID restrictions will make a difference.

However 17% disagreed with commercial porn sites requiring ID from their users. And the use of data was the biggest obstacle for those parents opposed to the plans. Of those parents who are anti-age verification, 30% said they wouldn't trust age-verification companies with their personal data.

While 18% of parents claim they expect kids would find a way to get around age-verification and a further 13% claim they're unsure that it would actually reduce the number of children accessing pornography. Age-verification supported by experts

 

 

Offsite Article: The age of market dominance...


Link Here 4th February 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The Register talks to Pornhub's Age ID about progress of UK Age verification schemes

See article from theregister.co.uk

 

 

The BBFC didn't turn up...

Open Rights Group met to discuss the BBFC's age verification scheme with its voluntary privacy protection


Link Here 28th February 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

We met to discuss BBFC's voluntary age verification privacy scheme, but BBFC did not attend. Open Rights Group met a number of age verification providers to discuss the privacy standards that they will be meeting when the scheme launches, slated for April. Up to 20 million UK adults are expected to sign up to these products.

We invited all the AV providers we know about, and most importantly, the BBFC, at the start of February. BBFC are about to launch a voluntary privacy standard which some of the providers will sign up to. Unfortunately, BBFC have not committed to any public consultation about the scheme, relying instead on a commercial provider to draft the contents with providers, but without wider feedback from privacy experts and people who are concerned about users.

We held the offices close to the BBFC's offices in order that it would be convenient for them to send someone that might be able to discuss this with us. We have been asking for meetings with BBFC about the privacy issues in the new code since October 2018: but have not received any reply or acknowledgement of our requests, until this morning, when BBFC said they would be unable to attend today's roundtable. This is very disappointing.

BBFC's failure to consult the public about this standard, or even to meet us to discuss our concerns, is alarming. We can understand that BBFC is cautious and does not wish to overstep its relationship with its new masters at DCMS. BBFC may be worried about ORG's attitude towards the scheme: and we certainly are critical. However, it is not responsible for a regulator to fail to talk to its potential critics.

We are very clear about our objectives. We are acting to do our best to ensure the risk to adult users of age verification technologies are minimised. We do not pose a threat to the scheme as a whole: listening to us can only result in making the pornographic age verification scheme more likely to succeed, and for instance, to avoid catastrophic failures.

Privacy concerns appear to have been recognised by BBFC and DCMS as a result of consultation responses from ORG supporters and others, which resulted in the voluntary privacy standard. These concerns have also been highlighted by Parliament, whose regulatory committee expressed surprise that the Digital Economy Act 2017 had contained no provision to deal with the privacy implications of pornographic age verification.

Today's meeting was held to discuss:

  • What the scheme is likely to cover; and what it ideally should cover;

  • Whether there is any prospect of making the scheme compulsory;

  • What should be done about non-compliant services;

  • What the governance of the scheme should be in the long tern, for instance whether it might be suitable to become an ICO backed code, or complement such as code

As we communicated to BBFC in December 2018, we have considerable worries about the lack of consultation over the standard they are writing, which appears to be truncated in order to meet the artificial deadline of April this year. This is what we explained to BBFC in our email:

  • Security requires as many perspectives to be considered as possible.

  • The best security standards eg PCI DSS are developed in the open and iterated

  • The standards will be best if those with most to lose are involved in the design.
     

    • For PCI DSS, the banks and their customers have more to lose than the processors

    • For Age Verification, site users have more to lose than the processors, however only the processors seem likely to be involved in setting the standard

We look forward to BBFC agreeing to meet us to discuss the outcome of the roundtable we held about their scheme, and to discuss our concerns about the new voluntary privacy standard. Meanwhile, we will produce a note from the meeting, which we believe was useful. It covered the concerns above, and issues around timing, as well as strategies for getting government to adjust their view of the absence of compulsory standards, which many of the providers want. In this, BBFC are a critical actor. ORG also intends as a result of the meeting to start to produce a note explaining what an effective privacy scheme would cover, in terms of scope, risks to mitigate, governance and enforcement for participants.

 

 

AgeID scarily will require an email address and ID to view PornHub...

There's also a rather unconvincing option to use an app, but that seems to ID your device instead


Link Here 4th March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Pornhub and sister websites will soon require ID from users before being able to browse its porn.

The government most recently suggested that this requirement would start from about Easter this year, but this date has already slipped. The government will give 3 months notice of the start date and as this has not yet been announced, the earliest start date is currently in June.

Pornhub and YouPorn will use the AgeID system, which requires users to identify themselves with an email address and a credit card, passport, driving licence or an age verified mobile phone number.

Metro.co.uk spoke to a spokesperson from AgeID to find out how it will work (and what you'll actually see when you try to log in). James Clark, AgeID spokesperson, said:

When a user first visits a site protected by AgeID, a landing page will appear with a prompt for the user to verify their age before they can access the site.

First, a user can register an AgeID account using an email address and password. The user verifies their email address and then chooses an age verification option from our list of 3rd party providers, using options such as Mobile SMS, Credit Card, Passport, or Driving Licence.

The second option is to purchase a PortesCard or voucher from a retail outlet. Using this method, a customer does not need to register an email address, and can simply access the site using the Portes app.

Thereafter, users will be able to use this username/password combination to log into all porn sites which use the Age ID system.

It is a one-time verification, with a simple single sign-on for future access. If a user verifies on one AgeID protected site, they will not need to perform this verification again on any other site carrying AgeID.

The PortesCard is available to purchase from selected high street retailers and any of the UK's 29,000 PayPoint outlets as a voucher. Once a card or voucher is purchased, its unique validation code must be activated via the Portes app within 24 hours before expiring.

If a user changes device or uses a fresh browser, they will need to login with the credentials they used to register. If using the same browser/device, the user has a choice as to whether they wish to login every time, for instance if they are on a shared device (the default option), or instead allow AgeID to log them in automatically, perhaps on a mobile phone or other personal device.

Clark claimed that AgeID's system does not store details of people's ID, nor does it store their browsing history. This sounds a little unconvincing and must be taken on trust. And this statement rather seems to be contradicted by a previous line noting that user's email will be verified, so that piece of identity information at least will need to be stored and read.

The Portes App solution seems a little doubtful too. It claims not to log device data and then goes on to explain that the PortesCard needs to be locked to a device, rather suggesting that it will in fact be using device data. It will be interesting to see what app permissions the app will require when installing. Hopefully it won't ask to read your contact list.

This AgeID statement rather leaves the AVSecure card idea in the cold. The AVSecure system of proving your age anonymously at a shop, and then obtaining a password for use on porn websites seems to be the most genuinely anonymous idea suggested so far, but it will be pretty useless if it can't be used on the main porn websites.

 

 

Maybe realisation that endangering parents is not a good way to protect children...

Sky News confirms that porn age verification will not be starting from April 2019 and notes that a start date has yet to be set


Link Here 6th March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

Sky News has learned that the government has delayed setting a date for when age verification rules will come into force due to concerns regarding the security and human rights issues posed by the rules. A DCMS representative said:

This is a world-leading step forward to protect our children from adult content which is currently far too easy to access online.

The government, and the BBFC as the regulator, have taken the time to get this right and we will announce a commencement date shortly.

Previously the government indicated that age verification would start from about Easter but the law states that 3 months notice must be given for the start date. Official notice has yet to be published so the earliest it could start is already June 2019.

The basic issue is that the Digital Economy Act underpinning age verification does not mandate that identity data and browsing provided of porn users should be protected by law. The law makers thought that GDPR would be sufficient for data protection, but in fact it only requires that user consent is required for use of that data. All it requires is for users to tick the consent box, probably without reading the deliberately verbose or vague terms and conditions provided. After getting the box ticked the age verifier can then do more or less what they want to do with the data.

Realising that this voluntary system is hardly ideal, and that the world's largest internet porn company Mindgeek is likely to become the monopoly gatekeeper of the scheme, the government has moved on to considering some sort of voluntary kitemark scheme to try and convince porn users that an age verification company can be trusted with the data. The kitemark scheme would appoint an audit company to investigate the age verification implementations and to approve those that use good practises.

I would guess that this scheme is difficult to set up as it would be a major risk for audit companies to approve age verification systems based upon voluntary data protection rules. If an 'approved' company were later found to be selling, misusing data or even getting hacked, then the auditor could be sued for negligent advice, whilst the age verification company could get off scot-free.

 

 

Offsite Article: A review of age verification methods...


Link Here 14th March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
This is how age verification will work under the UK's porn censorship law

See article from wired.co.uk

 

 

Offsite Article: Don't be a verified idiot...


Link Here 16th March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Get a VPN. The Guardian outlines some of the dangers of getting age verified for porn

See article from theguardian.com

 

 

Offsite Article: Britain's Pornographer and Puritan Coalition...


Link Here 21st March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Backlash speculates that the UK's upcoming porn censorship will play into the hands of foreign tube site monopolies

See article from backlash.org.uk

 

 

Commented No they're not thinking of the children...

The Guardian suggests that the start of internet porn censorship will be timed to help heal the government's reputational wounds after the Brexit debacle


Link Here 25th March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The Observer today published an article generally supporting the upcoming porn censorship and age verification regime. It did have one interesting point to note though:

Brexit's impact on the pornography industry has gone unnoticed. But the chaos caused by the UK's disorderly exit from the European Union even stretches into the grubbier parts of cyberspace.

A new law forcing pornography users to prove that they are adults was supposed to be introduced early next month. But sources told the Observer that it may not be unveiled until after the Brexit impasse is resolved as the government, desperate for other things to talk about, believes it will be a good news story that will play well with the public when it is eventually unveiled.

Comment: The illiberal Observer

25th March 2019. Thanks to Alan

Bloody hell! Have you seen this fuckwittage from the purportedly liberal Observer?

Posh-boy churnalist Jamie (definitely not Jim) Doward regurgitates the bile of authoritarian feminist Gail Dines about the crackpot attempt to stop children accessing a bit of porn. This is total bollox.

It's getting on for sixty years since I spotted that my girl contemporaries were taking on a different and interesting shape - a phenomenon I researched by reference to two bodies of literature: those helpful little books for the amateur and professional photographer in which each photo of a lady was accompanied by F number and exposure time and those periodicals devoted to naturism. This involved no greater subterfuge than taking off my school cap and turning up my raincoat collar to hide my school tie. I would fervently hope that today's lads can run rings round parental controls and similar nonsense.

 

 

Someone's telling stories...

The BBFC has made a pretty poor show of setting out guidelines for the technical implementation of age verification, and now the Stop Age Verification campaign has pointed out that the BBFC has made legal errors about text porn


Link Here 25th March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The BBFC seems a little behind the curve in its role as porn censor. Its initial draft of its guidelines gave absolutely no concern for the safety and well being of porn users. The BBFC spoke of incredibly sensitive identity and browsing date being entrusted to adult websites and age verifiers, purely on the forlorn hope that these companies would follow 'best practice' voluntary guidelines to keep the data safe. The BBFC offered next to no guidelines that defined how age verification should work and what it really needs to do.

As time has moved on, it has obviously occurred to the BBFC or the government that this was simply not good enough, so we are now waiting on the implementation of some sort of kite marking scheme to try to provide at least a modicum of trust in age verifiers to keep this sensitive data safe.

But even in this period of rework, the BBFC hasn't been keeping interested parties informed of what's going on. The BBFC seem very reluctant to advise or inform anyone of anything. Perhaps the rework is being driven by the government and maybe the BBFC isn't in a position to be any more helpful.

Anyway it is interesting to note that in an article from stopageverification.org.uk , that the BBFC has been reported to being overstepping the remit of the age verification laws contained in the Digital Economy Act:

The BBFC posts this on the Age verifiers website :

All types of pornographic content are within the scope of the legislation. The legislation does not exclude audio or text from its definition of pornography. All providers of commercial online pornography to persons in the UK are required to comply with the age-verification requirement.

Except that's not what the legislation says :

Pornographic material is defined in s.15 of the act. This sets out nine categories of material. Material is defined in that section (15(2) as material means204 (a) a series of visual images shown as a moving picture, with or without sound; (b) a still image or series of still images, with or without sound; or (c) sound;

It clearly doesn't mention text.

The BBFC need to be clear in their role as Age Verifier. They can only apply the law as enacted by Parliament. If they seek to go beyond that they could be at risk of court action.

 

 

Updated: The State of Play...

Age verification and UK internet porn censorship


Link Here 31st March 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The Government has been very secretive about its progress towards the starting of internet censorship for porn in the UK. Meanwhile the appointed internet porn censor, the BBFC, has withdrawn into its shell to hide from the flak. It has uttered hardly a helpful word on the subject in the last six months, just at a time when newspapers have been printing uniformed news items based on old guesstimates of when the scheme will start.

The last target date was specified months ago when DCMS minister Margot James suggested that it was intended to get the scheme going around Easter of 2019. This date was not achieved but the newspapers seem to have jumped to the conclusion that the scheme would start on 1st April 2019. The only official response to this false news is that the DCMS will now be announcing the start date shortly.

So what has been going on?

Well it seems that maybe the government realised that asking porn websites and age verification services to demand that porn users identify themselves without any real legal protection on how that data can be used is perhaps not the wisest thing to do. Jim Killock of Open Rights Group explains that the delays are due to serious concerns about privacy and data collection:

When they consulted about the shape of age verification last summer they were surprised to find that nearly everyone who wrote back to them in that consultation said this was a privacy disaster and they need to make sure people's data doesn't get leaked out.

Because if it does it could be that people are outed, have their relationships break down, their careers could be damaged, even for looking at legal material.

The delays have been very much to do with the fact that privacy has been considered at the last minute and they're having to try to find some way to make these services a bit safer. It's introduced a policy to certify some of the products as better for privacy (than others) but it's not compulsory and anybody who chooses one of those products might find they (the companies behind the sites) opt out of the privacy scheme at some point in the future.

And there are huge commercial pressures to do this because as we know with Facebook and Google user data is extremely valuable, it tells you lots about what somebody likes or dislikes or might want or not want.

So those commercial pressures will kick in and they'll try to start to monetise that data and all of that data if it leaked out would be very damaging to people so it should simply never be collected.

So the government has been working on a voluntary kite mark scheme to approve age verifiers that can demonstrate to an auditor they will keep user data safe. This scheme seems to be in its early stages as the audit policy was first outlines to age verifiers on 13th March 2019. AvSecure reported on Twitter:

Friday saw several AV companies meet with the BBFC & the accreditation firm, who presented the framework & details of the proposed scheme.

Whilst the scheme itself seems very deep & comprehensive, there were several questions asked that we are all awaiting answers on.

The Register reports that AgeID has already commissioned a data security audit using the information security company, the NCC Group. Perhaps that company can therefore be rapidly approved by the official auditor, whose identity seems to being kept secret.

So the implementation schedule must presumably be that the age verifiers get audited over the next couple of months and then after that the government can give websites the official 3 months notice required to give websites time to implement the now accredited age verification schemes.

The commencement date will perhaps be about 5 or 6 months from now.

Update: Announcement this week

31st March 2019. See  article from thetimes.co.uk

The government is expected to announce a timetable on Wednesday for the long-awaited measure to force commercial providers of online porn to check users' ages.

 

 

Offsite Article: Porn Wars...


Link Here 8th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
sex, Lies And The Battle To Control Britain's Internet. By David Flint

See article from reprobatepress.com

 

 

The Great British Firewall...

Zippyshare blocks itself from UK access


Link Here 11th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Zippyshare is a long running data locker and file sharing platform that is well known particularly for the distribution of porn.

Last month UK users noted that they have been blocked from accessing the website and that it can now only be accessed via a VPN.

Zippyshare themselves has made no comment about the block, but TorrentFreak have investigated the censorship and have determined that the block is self imposed and is not down to action by UK courts or ISPs.

Alan wonders if this is a premature reaction to the Great British Firewall, noting it's quite a popular platform for free porn.

Of course it poses the interesting question that if websites generally decide to address the issue of UK porn censorship by self imposed blocks, then keen users will simply have to get themselves VPNs. Being willing to sign up for age verification simply won't work. Perhaps VPNs will be next to mandatory for British porn users, and age verification will become an unused technology.

 

 

Well if they legislate without giving a shit about the safety and privacy of porn users...

WebUser magazine kindly informs readers how to avoid being endangered by age verification


Link Here 13th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The legislators behind the Digital Economy Act couldn't be bothered to include any provisions for websites and age verifiers to keep the identity and browsing history of porn users safe. It has now started to dawn on the authorities that this was a mistake. They are currently implementing a voluntary kitemark scheme to try and assure users that porn website's and age verifier's claims of keeping data safe can be borne out.

It is hardly surprising that significant numbers of people are likely to be interested in avoiding having to register their identity details before being able to access porn.

It seems obvious that information about VPNs and Tor will therefore be readily circulated amongst any online community with an interest in keeping safe. But perhaps it is a little bit of a shock to see it is such large letters in a mainstream magazine on the shelves of supermarkets and newsagents.

And perhaps anther thought is that once the BBFC starting ISPs to block non-compliant websites then circumvention will be the only way see your blocked favourite websites. So people stupidly signing up to age verification will have less access to porn and a worse service than those that circumvent it.

 

 

Offsite Article: The UK Government Risks Facilitating a Porn Monopoly...


Link Here 14th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Spare a thought for how age verification censorship affects British small adult businesses and sex workers. By Freya Pratty

See article from novaramedia.com

 

 

Get a VPN or fill your boots now! There's 3 months left for unhindered porn downloading...

The government announces that its internet porn censorship scheme will come into force on 15th July 2019


Link Here 17th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The UK will become the first country in the world to bring in age-verification for online pornography when the measures come into force on 15 July 2019.

It means that commercial providers of online pornography will be required by law to carry out robust age-verification checks on users, to ensure that they are 18 or over.

Websites that fail to implement age-verification technology face having payment services withdrawn or being blocked for UK users.

The British Board of Film Classification (BBFC) will be responsible for ensuring compliance with the new laws. They have confirmed that they will begin enforcement on 15 July, following an implementation period to allow websites time to comply with the new standards.

Minister for Digital Margot James said that she wanted the UK to be the most censored place in the world to b eonline:

Adult content is currently far too easy for children to access online. The introduction of mandatory age-verification is a world-first, and we've taken the time to balance privacy concerns with the need to protect children from inappropriate content. We want the UK to be the safest place in the world to be online, and these new laws will help us achieve this.

Government has listened carefully to privacy concerns and is clear that age-verification arrangements should only be concerned with verifying age, not identity. In addition to the requirement for all age-verification providers to comply with General Data Protection Regulation (GDPR) standards, the BBFC have created a voluntary certification scheme, the Age-verification Certificate (AVC), which will assess the data security standards of AV providers. The AVC has been developed in cooperation with industry, with input from government.

Certified age-verification solutions which offer these robust data protection conditions will be certified following an independent assessment and will carry the BBFC's new green 'AV' symbol. Details will also be published on the BBFC's age-verification website, ageverificationregulator.com so consumers can make an informed choice between age-verification providers.

BBFC Chief Executive David Austin said:

The introduction of age-verification to restrict access to commercial pornographic websites to adults is a ground breaking child protection measure. Age-verification will help prevent children from accessing pornographic content online and means the UK is leading the way in internet safety.

On entry into force, consumers will be able to identify that an age-verification provider has met rigorous security and data checks if they carry the BBFC's new green 'AV' symbol.

The change in law is part of the Government's commitment to making the UK the safest place in the world to be online, especially for children. It follows last week's publication of the Online Harms White Paper which set out clear responsibilities for tech companies to keep UK citizens safe online, how these responsibilities should be met and what would happen if they are not.

 

 

Offsite Article: Age verification won't block porn...


Link Here 18th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
But it will spell the end of ethical porn. By Girl on the Net

See article from theguardian.com

 

 

Is it safe?...

Is your identity data and porn browsing history safe with an age verification service sporting a green BBFC AV badge?...Err...No!...


Link Here 19th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The Interrogator :

Is it safe?

The BBFC (on its Age Verification website)...err...no!...:

An assessment and accreditation under the AVC is not a guarantee that the age-verification provider and its solution (including its third party companies) comply with the relevant legislation and standards, or that all data is safe from malicious or criminal interference.

Accordingly the BBFC shall not be responsible for any losses, damages, liabilities or claims of whatever nature, direct or indirect, suffered by any age-verification provider, pornography services or consumers/ users of age-verification provider's services or pornography services or any other person as a result of their reliance on the fact that an age-verification provider has been assessed under the scheme and has obtained an Age-verification Certificate or otherwise in connection with the scheme.

 

 

Smart phones only for porn viewing?...

VPNCompare reports a significant increase in website visitors in response to upcoming porn censorship. Meanwhile age verifications options announced so far for major websites seem to be apps only


Link Here 20th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
VPNCompare is reporting that internet users in Britain are responding to the upcoming porn censorship regime by investigating the option to get a VPN so as to workaround most age verification requirements without handing over dangerous identity details.

VPNCompare says that the number of UK visitors to its website has increased by 55% since the start date of the censorship scheme was announced. The website also sated that Google searches for VPNs had trippled. Website editor, Christopher Seward told the Independent:

We saw a 55 per cent increase in UK visitors alone compared to the same period the previous day. As the start date for the new regime draws closer, we can expect this number to rise even further and the number of VPN users in the UK is likely to go through the roof.

The UK Government has completely failed to consider the fact that VPNs can be easily used to get around blocks such as these.

Whilst the immediate assumption is that porn viewers will reach for a VPN to avoid handing over dangerous identity information, there may be another reason to take out a VPN, a lack of choice of appropriate options for age validation.

3 companies run the 6 biggest adult websites. Mindgeek owns Pornhub, RedTube and Youporn. Then there is Xhamster and finally Xvideos and xnxx are connected.

Now Mindgeek has announced that it will partner with Portes Card for age verification, which has options for identity verification, giving a age verified mobile phone number, or else buying  a voucher in a shop and showing age ID to the shop keeper (which is hopefully not copied or recorded).

Meanwhile Xhamster has announced that it is partnering with 1Account which accepts a verified mobile phone, credit card, debit card, or UK drivers licence. It does not seem to have an option for anonymous verification beyond a phone being age verified without having to show ID.

Perhaps most interestingly is that both of these age verifiers are smart phone based apps. Perhaps the only option for people without a phone is to get a VPN. I also spotted that most age verification providers that I have looked at seem to be only interested in UK cards, drivers licences or passports. I'd have thought there may be legal issues in not accepting EU equivalents. But foreigners may also be in the situation of not being able to age verify and so need a VPN.

And of course the very fact that is no age verification option common to the major porn website then it may just turn out to be an awful lot simpler just to get a VPN.

 

 

Offsite Article: A good summary of where we are at...


Link Here 21st April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Politics, privacy and porn: the challenges of age-verification technology. By Ray Allison

See article from computerweekly.com

 

 

Bad Research And Block Heads...

David Flint looks into flimsy porn evidence used to justify government censorship


Link Here 22nd April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

 

 

Fundamentally flawed and not fit for purpose...

Well known security expert does a bit of a hatchet job on the BBFC Age Verification Certificate Standard


Link Here 27th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

Starting with a little background into the authorship of the document under review. AVSecure CMO Steve Winyard told XBIZ:

The accreditation plan appears to have very strict rules and was crafted with significant input from various governmental bodies, including the DCMS (Department for Culture, Media & Sport), NCC Group plc (an expert security and audit firm), GCHQ (U.K. Intelligence and Security Agency), ICO (Information Commissioner's Office) and of course the BBFC.

But computer security expert Alec Muffett writes:

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?

....

This document's approach to data protection is fundamentally flawed.

The (considerably) safer approach - one easier to certificate/validate/police - would be to say everything is forbidden except for upon for ; you would then allow vendors to appeal for exceptions under review.

It makes a few passes at pretending that this is what it's doing, but with subjective holes (green) that you can drive a truck through:

...

What we have here is a rehash of quite a lot of reasonable physical/operational security, business continuity & personnel security management thinking -- with digital stuff almost entirely punted.

It's better than #PAS1296 , but it's still not fit for purpose.

Read the full thread

 

 

Offsite Article: How the U.K. Won't Keep Porn Away From Teens...


Link Here 4th May 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The New York Times takes a sceptical look at the upcoming porn censorship regime

See article from nytimes.com

 

 

Tightening the purse strings...

BBFC warns that age verification should not be coupled with electronic wallets


Link Here 4th May 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The BBFC has re-iterated that its Age Verification certification scheme does not allow for personal data to be used for another purpose beyond age verification. In particular age verification should not be coupled with electronic wallets.

Presumably this is intended to prevent personal date identifying porn users to be dangerously stored in databases use for other purposes.

In passing, this suggests that there may be commercial issues as age verification systems for porn may not be reusable for age verification for social media usage or identity verification required for online gambling. I suspect that several AV providers are only interested in porn as a way to get established for social media age verification.

This BBFC warning may be of particular interest to users of the porn site xHamster. The preferred AV option for that website is the electronic wallet 1Account.

The BBFC write in a press release:

The Age-verification Regulator under the UK's Digital Economy Act, the British Board of Film Classification (BBFC), has advised age-verification providers that they will not be certified under the Age-verification Certificate (AVC) if they use a digital wallet in their solution.

The AVC is a voluntary, non-statutory scheme that has been designed specifically to ensure age-verification providers maintain high standards of privacy and data security. The AVC will ensure data minimisation, and that there is no handover of personal information used to verify an individual is over 18 between certified age-verification providers and commercial pornography services. The only data that should be shared between a certified AV provider and an adult website is a token or flag indicating that the consumer has either passed or failed age-verification.

Murray Perkins, Policy Director for the BBFC, said:

A consumer should be able to consider that their engagement with an age-verification provider is something temporary.

In order to preserve consumer confidence in age-verification and the AVC, it was not considered appropriate to allow certified AV providers to offer other services to consumers, for example by way of marketing or by the creation of a digital wallet. The AVC is necessarily robust in order to allow consumers a high level of confidence in the age-verification solutions they choose to use.

Accredited providers will be indicated by the BBFC's green AV symbol, which is what consumers should look out for. Details of the independent assessment will also be published on the BBFC's age-verification website, ageverificationregulator.com, so consumers can make an informed choice between age-verification providers.

The Standard for the AVC imposes limits on the use of data collected for the purpose of age-verification, and sets out requirements for data minimisation.

The AVC Standard has been developed by the BBFC and NCC Group - who are experts in cyber security and data protection - in cooperation with industry, with the support of government, including the National Cyber Security Centre and Chief Scientific Advisors, and in consultation with the Information Commissioner's Office. In order to be certified, AV Providers will undergo an on-site audit as well as a penetration test.

Further announcements will be made on AV Providers' certification under the scheme ahead of entry into force on July 15.

 

 

The Porn Channel...

The Channel Islands is considering whether to join the UK in the censorship of internet porn


Link Here 13th May 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

As of 15 July, people in the UK who try to access porn on the internet will be required to verify their age or identity online.

The new UK Online Pornography (Commercial Basis) Regulations 2018 law does not affect the Channel Islands but the States have not ruled out introducing their own regulations.

The UK Department for Censorship, Media and Sport said it was working closely with the Crown Dependencies to make the necessary arrangements for the extension of this legislation to the Channel Islands.

A spokeswoman for the States said they were monitoring the situation in the UK to inform our own policy development in this area.

 

 

Ramping up the encrypted internet to protect against the dangers of age verification...

Firefox has a research project to integrate with TOR to create a Super Private Browsing mode


Link Here 21st May 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Age verification for porn is pushing internet users into areas of the internet that provide more privacy, security and resistance to censorship.

I'd have thought that security services would prefer that internet users to remain in the more open areas of the internet for easier snooping.

So I wonder if it protecting kids from stumbling across porn is worth the increased difficulty in monitoring terrorists and the like? Or perhaps GCHQ can already see through the encrypted internet.

RQ12: Privacy & Security for Firefox

Mozilla has an interest in potentially integrating more of Tor into Firefox, for the purposes of providing a Super Private Browsing (SPB) mode for our users.

Tor offers privacy and anonymity on the Web, features which are sorely needed in the modern era of mass surveillance, tracking and fingerprinting. However, enabling a large number of additional users to make use of the Tor network requires solving for inefficiencies currently present in Tor so as to make the protocol optimal to deploy at scale. Academic research is just getting started with regards to investigating alternative protocol architectures and route selection protocols, such as Tor-over-QUIC, employing DTLS, and Walking Onions.

What alternative protocol architectures and route selection protocols would offer acceptable gains in Tor performance? And would they preserve Tor properties? Is it truly possible to deploy Tor at scale? And what would the full integration of Tor and Firefox look like?

 

 

Offsite Article: A reminder that age verification for porn is an unnecessary risk that is easily avoided...


Link Here 22nd May 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Proposed controversial online age verification checks could increase the risk of identity theft and other cyber crimes, warn security experts

See article from computerweekly.com

 

 

Logging your porn history (in the name of fraud yer know)...

Open Rights Group Report: Analysis of BBFC Age Verification Certificate Standard June 2019


Link Here 14th June 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

Executive Summary

The BBFC's Age-verification Certificate Standard ("the Standard") for providers of age verification services, published in April 2019, fails to meet adequate standards of cyber security and data protection and is of little use for consumers reliant on these providers to access adult content online.

This document analyses the Standard and certification scheme and makes recommendations for improvement and remediation. It sub-divides generally into two types of concern: operational issues (the need for a statutory basis, problems caused by the short implementation time and the lack of value the scheme provides to consumers), and substantive issues (seven problems with the content as presently drafted).

The fact that the scheme is voluntary leaves the BBFC powerless to fine or otherwise discipline providers that fail to protect people's data, and makes it tricky for consumers to distinguish between trustworthy and untrustworthy providers. In our view, the government must legislate without delay to place a statutory requirement on the BBFC to implement a mandatory certification scheme and to grant the BBFC powers to require reports and penalise non-compliant providers.

The Standard's existence shows that the BBFC considers robust protection of age verification data to be of critical importance. However, in both substance and operation the Standard fails to deliver this protection. The scheme allows commercial age verification providers to write their own privacy and security frameworks, reducing the BBFC's role to checking whether commercial entities follow their own rules rather than requiring them to work to a mandated set of common standards. The result is uncertainty for Internet users, who are inconsistently protected and have no way to tell which companies they can trust.

Even within its voluntary approach, the BBFC gives providers little guidance to providers as to what their privacy and security frameworks should contain. Guidance on security, encryption, pseudonymisation, and data retention is vague and imprecise, and often refers to generic "industry standards" without explanation. The supplementary Programme Guide, to which the Standard refers readers, remains unpublished, critically undermining the scheme's transparency and accountability.

Recommendations

  • Grant the BBFC statutory powers:

  • The BBFC Standard should be substantively revised to set out comprehensive and concrete standards for handling highly sensitive age verification data.

  • The government should legislate to grant the BBFC statutory power to mandate compliance.

  • The government should enable the BBFC to require remedial action or apply financial penalties for non-compliance.

  • The BBFC should be given statutory powers to require annual compliance reports from providers and fine those who sign up to the certification scheme but later violate its requirements.

  • The Information Commissioner should oversee the BBFC's age verification certification scheme

Delay implementation and enforcement:

Delay implementation and enforcement of age verification until both (a) a statutory standard of data privacy and security is in place, and (b) that standard has been implemented by providers.

Improve the scheme content:

Even if the BBFC certification scheme remains voluntary, the Standard should at least contain a definitive set of precisely delineated objectives that age verification providers must meet in order to say that they process identity data securely.

Improve communication with the public:

Where a provider's certification is revoked, the BBFC should issue press releases and ensure consumers are individually notified at login.

The results of all penetration tests should be provided to the BBFC, which must publish details of the framework it uses to evaluate test results, and publish annual trends in results.

Strengthen data protection requirements:

Data minimisation should be an enforceable statutory requirement for all registered age verification providers.

The Standard should outline specific and very limited circumstances under which it's acceptable to retain logs for fraud prevention purposes. It should also specify a hard limit on the length of time logs may be kept.

The Standard should set out a clear, strict and enforceable set of policies to describe exactly how providers should "pseudonymise" or "deidentify" data.

Providers that no longer meet the Standard should be required to provide the BBFC with evidence that they have destroyed all the user data they collected while supposedly compliant.

The BBFC should prepare a standardised data protection risk assessment framework against which all age verification providers will test their systems. Providers should limit bespoke risk assessments to their specific technological implementation.

Strengthen security, testing, and encryption requirements:

Providers should be required to undertake regular internal and external vulnerability scanning and a penetration test at least every six months, followed by a supervised remediation programme to correct any discovered vulnerabilities.

Providers should be required to conduct penetration tests after any significant application or infrastructure change.

Providers should be required to use a comprehensive and specific testing standard. CBEST or GBEST could serve as guides for the BBFC to develop an industry-specific framework.

The BBFC should build on already-established strong security frameworks, such as the Center for Internet Security Cyber Controls and Resources, the NIST Cyber Security Framework, or Cyber Essentials Plus.

At a bare minimum, the Standard should specify a list of cryptographic protocols which are not adequate for certification.

 

 

Offsite Article: The UK porn block is now one month away, and it's still a terrible idea...


Link Here 16th June 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Filtering filth won't save the children, but the block could be bad news for you. By Carrie Marshall

See article from techradar.com

 

 

Offsite Comment: Bloody stupid idea...


Link Here 18th June 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Porn Block Demonstrates the Government Is More Concerned With Censorship Than Security

See article from gizmodo.co.uk

 

 

Age Verification for porn delayed by 6 months...

Jeremy Wright apologises to supporters for an admin cock-up, and takes the opportunity to sneer at the millions of people who just want to keep their porn browsing private and safe


Link Here 20th June 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Jeremy Wright, the Secretary of State for Digital, Culture, Media and Sport addressed parliament to explain that the start data for Age Verification scheme for porn has been delayed by about 6 months. The reason is that the Government failed to inform the EU about laws that effect free trade (eg those that that allow EU websites to be blocked in the UK). Although the main Digital Economy Act was submitted to the EU, extra bolt on laws added since, have not been submitted. Wright explained:

In autumn last year, we laid three instruments before the House for approval. One of them204the guidance on age verification arrangements204sets out standards that companies need to comply with. That should have been notified to the European Commission, in line with the technical standards and regulations directive, and it was not. Upon learning of that administrative oversight, I instructed my Department to notify this guidance to the EU and re-lay the guidance in Parliament as soon as possible. However, I expect that that will result in a delay in the region of six months.

Perhaps it would help if I explained why I think that six months is roughly the appropriate time. Let me set out what has to happen now: we need to go back to the European Commission, and the rules under the relevant directive say that there must be a three-month standstill period after we have properly notified the regulations to the Commission. If it wishes to look into this in more detail204I hope that it will not204there could be a further month of standstill before we can take matters further, so that is four months. We will then need to re-lay the regulations before the House. As she knows, under the negative procedure, which is what these will be subject to, there is a period during which they can be prayed against, which accounts for roughly another 40 days. If we add all that together, we come to roughly six months.

Wright apologised profusely to supporters of the scheme:

I recognise that many Members of the House and many people beyond it have campaigned passionately for age verification to come into force as soon as possible to ensure that children are protected from pornographic material they should not see. I apologise to them all for the fact that a mistake has been made that means these measures will not be brought into force as soon as they and I would like.

However the law has not been received well by porn users. Parliament has generally shown no interest in the privacy and safety of porn users. In fact much of the delay has been down belatedly realising that the scheme might not get off the ground at all unless they at least pay a little lip service to the safety of porn users.

Even now Wright decided to dismiss people's privacy fears and concerns as if they were all just deplorables bent on opposing child safety. He said:

However, there are also those who do not want these measures to be brought in at all, so let me make it clear that my statement is an apology for delay, not a change of policy or a lessening of this Government's determination to bring these changes about. Age verification for online pornography needs to happen. I believe that it is the clear will of the House and those we represent that it should happen, and that it is in the clear interests of our children that it must.

Wright compounded his point by simply not acknowledging that if, given a choice people, would prefer not to hand over their ID. Voluntarily complying websites would have to take a major hit from customers who would prefer to seek out the safety of non-complying sites. Wright said:

I see no reason why, in most cases, they [websites] cannot begin to comply voluntarily. They had expected to be compelled to do this from 15 July, so they should be in a position to comply. There seems to be no reason why they should not.

In passing Wright also mentioned how the government is trying to counter encrypted DNS which reduces.  the capabilities of ISPs to block websites. Instead the Government will try and press the browser companies into doing their censorship dirty work for them instead:

It is important to understand changes in technology and the additional challenges they throw up, and she is right to say that the so-called D over H changes will present additional challenges. We are working through those now and speaking to the browsers, which is where we must focus our attention. As the hon. Lady rightly says, the use of these protocols will make it more difficult, if not impossible, for ISPs to do what we ask, but it is possible for browsers to do that. We are therefore talking to browsers about how that might practically be done, and the Minister and I will continue those conversations to ensure that these provisions can continue to be effective.

 

 

Who pays for Age Verification? You do of course...one way or another!...

Maybe its a good job the government has delayed Age Verification as there are a still a lot of issues to resolve for the AV companies


Link Here 21st June 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The AV industry is not yet ready

The Digital Policy Alliance (DPA) is a private lobby group connecting digital industries with Parliament. Its industry members include both Age Verification (AV) providers, eg OCL, and adult entertainment, eg Portland TV.

Just before the Government announcement that the commencement of adult verification requirements for porn websites would be delayed, the DPA wrote a letter explaining that the industry was not yet ready to implement AV, and had asked for a 3 month delay.

The letter is unpublished but fragments of it have been reported in news reports about AV.

The Telegraph reported:

The Digital Policy Alliance called for the scheme to be delayed or risk nefarious companies using this opportunity to harvest and manipulate user data.

The strongly-worded document complains that the timing is very tight, a fact that has put some AVPs [age verification providers] and adult entertainment providers in a very difficult situation.

It warns that unless the scheme is delayed there will be less protection for public data, as it appears that there is an intention for uncertified providers to use this opportunity to harvest and manipulate user data.
 

The AV industry is  unimpressed by a 6 month delay

See article from news.sky.com

Rowland Manthorpe from Sky News contributed a few interesting snippets too. He noted that the AVPs were unsurprisingly not pleased by the government delay:

Serge Acker, chief executive of OCL, which provides privacy-protecting porn passes for purchase at newsagents, told Sky News: As a business, we have been gearing up to get our solution ready for July 15th and we, alongside many other businesses, could potentially now be being endangered if the government continues with its attitude towards these delays.

Not only does it make the government look foolish, but it's starting to make companies like ours look it too, as we all wait expectantly for plans that are only being kicked further down the road.
 

There are still issues with how the AV providers can make money

And interestingly Manthorpe revealed in the accompanying video news report that the AV providers were also distinctly unimpressed by the BBFC stipulating that certified AV providers must not use Identity Data provided by porn users for any other purpose than verifying age. The sensible idea being that the data should not be made available for the the likes of targeted advertising. And one particular example of prohibited data re-use has caused particular problems, namely that ID data should not be used to sign people up for digital wallets.

Now AV providers have got to be able to generate their revenue somehow. Some have proposed selling AV cards in newsagents for about 10, but others had been planning on using AV to generate a customer base for their digital wallet schemes.

So it seems that there are still quite a few fundamental issues that have not yet been resolved in how the AV providers get their cut.
 

Some AV providers would rather not sign up to BBFC accreditation

See article from adultwebmasters.org

Maybe these issues with BBFC AV accreditation requirements are behind a move to use an alternative standard. An AV provider called VeriMe has announced that it has the first AV company to receive a PAS1296 certification.

The PAS1296 was developed between the British Standards Institution and the Age Check Certification Scheme (ACCS). It stands for Public Accessible Specification and is designed to define good practice standards for a product, service or process. The standard was also championed by the Digital Policy Alliance.

Rudd Apsey, the director of VeriMe said:

The PAS1296 certification augments the voluntary standards outlined by the BBFC, which don't address how third-party websites handle consumer data, Apsey added. We believe it fills those gaps and is confirmation that VeriMe is indeed leading the world in the development and implementation of age verification technology and setting best practice standards for the industry.

We are incredibly proud to be the first company to receive the standard and want consumers and service providers to know that come the July 15 roll out date, they can trust VeriMe's systems to provide the most robust solution for age verification.

This is not a very convincing argument as PAS1296 is not available for customers to read, (unless they pay about 120 quid for the privilege). At least the BBFC standard can be read by anyone for free, and they can then make up their own minds as to whether their porn browsing history and ID data is safe.

However it does seem that some companies at least are planning to give the BBFC accreditation scheme a miss.
 

The BBFC standard fails to provide safety for porn users data anyway.

See article from medium.com

The AV company 18+ takes issue with the BBFC accreditation standard, noting that it allows AV providers to dangerously log people's porn browsing history:

Here's the problem with the design of most age verification systems: when a UK user visits an adult website, most solutions will present the user with an inline frame displaying the age verifier's website or the user will be redirected to the age verifier's website. Once on the age verifier's website, the user will enter his or her credentials. In most cases, the user must create an account with the age verifier, and on subsequent visits to the adult website, the user will enter his account details on the age verifier's website (i.e., username and password). At this point in the process, the age verifier will validate the user and, if the age verifier has a record the user being at least age 18, will redirect the user back to the adult website. The age verification system will transmit to the adult website whether the user is at least age 18 but will not transmit the identity of the user.

The flaw with this design from a user privacy perspective is obvious: the age verification website will know the websites the user visits. In fact, the age verification provider obtains quite a nice log of the digital habits of each user. To be fair, most age verifiers claim they will delete this data. However, a truly privacy first design would ensure the data never gets generated in the first place because logs can inadvertently be kept, hacked, leaked, or policies might change in the future. We viewed this risk to be unacceptable, so we set about building a better system.

Almost all age verification solutions set to roll out in July 2019 do not provide two-way anonymity for both the age verifier and the adult website, meaning, there remains some log of?204?or potential to log -- which adult websites a UK based user visits.

In fact one AV provider revealed that up until recently the government demanded that AV providers keep a log of people's porn browsing history and it was a bit of a late concession to practicality that companies were able to opt out if they wanted.

Note that the logging capability is kindly hidden by the BBFC by passing it off as being used for only as long as is necessary for fraud prevention. Of course that is just smoke and mirrors, fraud, presumably meaning that passcodes could be given or sold to others, could happen anytime that an age verification scheme is in use, and the time restriction specified by the BBFC may as well be forever.

 

 

Offsite Article: Verifiably Stupid...


Link Here 24th June 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
The UK Porn Block's Latest Failure. By David Flint

See article from reprobatepress.com

 

 

Offsite Article: Don't let the porn block give MindGeek a monopoly...


Link Here 28th June 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Age Verification providers that don't provide a way into Pornhub will only get the crumbs from the AV table

See article from medium.com

 

 

Today's the day when porn internet censorship was to have begun...

Margot James apologises for the delay whilst the Open Rights Group points out the scheme is still not safe for porn viewers


Link Here 15th July 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

ICO's Data Protection Training
The Pavlov Method
 
nodding dog
 ☑  Yes I won't read this message. and yes you can do what the fuck you like with my porn browsing data
 ☑  Yes please do, I waiver all my GDPR rights
 ☑  Yes I won't read this message. and yes, feel free to blackmail me
 ☑  Yes you can do anything you like 'to make my viewing experience better'
 ☑  Yes, no need to ask, I'll tick anything

Digital Minister Margot James has apologised for the six-month delay on the so-called porn block, which had been due to take effect today (16th July). It is designed to force pornography websites to verify users are over 18.

But the law has been delayed twice - most recently because the UK government failed to properly notify European regulators. James told the BBC:

I'm extremely sorry that there has been a delay. I know it sounds incompetent. Mistakes do happen, and I'm terribly sorry that it happened in such an important area,

Of course the fundamental mistake is that the incompetent lawmakers cared only about 'protecting the children' and gave bugger all consideration to the resulting endangerment of the adults visiting porn sites.

It took the government months, but it finally started to dawn on them that perhaps they should do something to protect the identity data that they are forcing porn users to hand over that can then be pinned to their porn browsing history. They probably still didn't care about porn users but perhaps realised that the scheme would not get of the ground if it proved so toxic that no one would ever sign up for age verification at all.

Well as a belated after thought the government, BBFC and ICO went away to dream up a few standards that perhaps the age verifiers ought to be sticking to try and ensure that data is being kept safe.

So then the whole law ended up as a bag of worms. The authorities now realise that there should be level of data protection, but unfortunately this is not actually backed up by the law that was actually passed. So now the data protection standards suggested by the government/BBFC/ICO are only voluntary and there remains nothing in law to require the data actually be kept safe. And there is no recourse against anyone who ends up exploiting people's data.

The Open Rights Group have just written an open letter to the government to ask that government to change their flawed law and actually require that porn users' data is kept properly safe:

The Rt Hon Jeremy Wright QC MP Secretary of State for Digital, Culture, Media and Sport

Re: BBFC Age Verification Privacy Certification Scheme

Dear Secretary of State,

We write to ask you to legislate without delay to place a statutory requirement on the British Board of Film Classification (BBFC) to make their privacy certification scheme for age verification providers mandatory. Legislation is also needed to grant the BBFC powers to require compliance reports and penalise non-compliant providers.

As presently constituted, the BBFC certification scheme will be a disaster. Our analysis report, attached, shows that rather than setting out objective privacy safeguards to which companies must adhere, the scheme allows companies to set their own rules and then demonstrate that these are being followed. There are no penalties for providers which sign up to the standard and then fail to meet its requirements.

The broadly-drafted, voluntary scheme encourages a race to the bottom on privacy protection. It provides no consistent guarantees for consumers about how their personal data will be safeguarded and puts millions of British citizens at serious risk of fraud, blackmail or devastating sexual exposure.

The BBFC standard was only published in April. Some age verification providers have admitted that they are not ready. Others have stated that for commercial reasons they will not engage with the scheme. This means that the bureaucratic delay to age verification's roll-out can now be turned to advantage. The Government needs to use this delay to introduce legislation, or at the least issue guidance under section 27 of the Digital Economy Act 2017, that will ensure the privacy and security of online users is protected.

We welcome the opportunity to bring this issue to your attention and await your response.

Yours sincerely,

Jim Killock Executive Director Open Rights Group

 

 

Negligent UK lawmakers devised an age verification scheme with no data protection for porn users...

Now it appears that users who try to protect themselves with VPNs may be unknowingly handing their browsing data over to the Chinese government


Link Here 17th July 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

ICO's Data Protection Training
The Pavlov Method
 
nodding dog
 ☑  Yes I won't read this message. and yes you can do what the fuck you like with my porn browsing data
 ☑  Yes please do, I waiver all my GDPR rights
 ☑  Yes I won't read this message. and yes, feel free to blackmail me
 ☑  Yes you can do anything you like 'to make my viewing experience better'
 ☑  Yes, no need to ask, I'll tick anything
With callous disregard for the safety of porn users, negligent lawmakers devised an age verification scheme with no effective protection of porn users' identity and porn browsing history.

The Government considered that GDPR requirements, where internet users are trainer to blindly tick a box to give consent to the internet companies doing what the fuck they like with your data. Now internet users are well conditioned like Pavlov's dog to tick the hundreds of tick boxes they are presented with daily. And of course nobody ever reads what they are consenting to, life's too short.

After a while the government realised that the total lack of data protection for porn users may actually prevent their scheme form getting off the ground, as porn users simply would refuse to get age verified. This would result in bankrupt AV companies and perverse disinsentives for porn websites. Those that implement AV would then experience a devastating drop off in traffic and those that refuse age verification would be advantaged.

So the government commissioned a voluntary kitemark scheme for AV companies to try and demonstrate to auditors that they keep porn identity and browsing history safely. But really the government couldn't let go of its own surveillance requirements to keep the browsing history of porn users. Eventually some AV companies won the right to have a scheme that did not log people's browsing history, but most still do maintain a log (justified as 'fraud protection' in the BBFC kitemark scheme description).

well Now it appears that those that try to avoid the dangers of AV via VPNs may be not s safe as they would hope. The Henry Jackson Society has been researching the VPN industry and has found that 30% of VPNs are owned by Chinese companies that have direct data paths to the Chinese government.

Surely this will have extreme security issues as privately porn using people could then be set up for blackmail or pressure from the Chinese authorities.

The government needs to put an end to the current AV scheme and go back to the drawing board. It needs to try again, this time with absolute legal requirements to immediately delete porn users identity data and to totally ban the retention of browsing logs.

Anyway, the Henry Jackson Society explains its latest revelations:

Chinese spies could exploit Government's new porn laws to gather compromising material on businessmen, civil servants and public figures, say think tanks.

They say Chinese firms have quietly cornered the market in technology that enables people to access porn sites without having to register their personal details with age verification firms or buy an age ID card in a newsagent.

The new law require those accessing porn sites to prove they are 18 but the checks and registration can be by-passed by signing up to a Virtual Private Network (VPNs). These anonymise the location of a computer by routing its traffic through a server based at remote locations.

It has now emerged through an investigation by security experts that many of the VPNs are secretly controlled by Chinese owned firms -- as many as 30% of the networks worldwide.

It means that a VPN users' viewing habits and data can not only be legally requested by the Chinese Government under its lax privacy laws but the VPNs could themselves also be state-controlled, according to the Adam Smith Institute and Henry Jackson Society.

Sam Armstrong, spokesman for the Henry Jackson Society, said:

A list of billions of late-night website visits of civil servants, diplomats, and politicians could -- in the wrong hands -- amount to the largest-ever kompromat file compiled on British individuals.

Those in sensitive jobs are precisely the types of individuals who would seek to use a VPN to circumvent the trip to the newsagent to buy a porn pass.

Yet, the opaque ownership of these VPNs by Chinese firms means there is a real likelihood any browsing going through them could fall into the hands of Chinese intelligence.

 

 

Offsite Article: IPVanish pitches to keep porn users safe from age verification...


Link Here 2nd August 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
How would the UK adult content block harm digital rights?

See article from ipvanish.com

 


melonfarmers icon
 

Top

Home

Index

Links

Email
 

US

World

Media

Info

UK
 

Film Cuts

Nutters

Liberty
 

Cutting Edge

Shopping

Sex News

Sex+Shopping

Advertise
 



Adult DVD+VoD

Online Shop Reviews
 

Online Shops

New  & Offers
 
Sex Machines
Fucking Machines
Adult DVD Empire
Adult DVD Empire
Simply Adult
30,000+ items in stock
Low prices on DVDs and sex toys
Simply Adult
Hot Movies
Hot Movies