Lords inevitable queued up to support the age verification requirements. However a couple of the lords made cautionary remarks about the privacy issues of websites being able to build up dangerous database of personal ID information of porn
A couple of lords also spoke our against the BBFC/police/government censorship prohibitions being included in the bill. It was noted that these rules are outdated, disproportionate and perhaps requires further debate in another bill.
As an example of these points, the Earl of Erroll (cross bencher) said:
My Lords, I welcome the Bill because it has some very useful stuff in it -- but, like everything else, it might benefit from some tweaking. Many other speakers mentioned the tweaks that need to be made, and if that happens I think that we may
end up with quite a good Bill.
I will concentrate on age verification because I have been working on this issue with a group for about a year and three-quarters. We spotted that its profile was going to be raised because so many people were worried about it. We were the first
group to bring together the people who run adult content websites -- porn websites -- with those who want to protect children. The interesting thing to come out quite quickly from the meetings was that, believe it or not, the people who run porn
sites are not interested in corrupting children because they want to make money. What they want are adult, middle-aged people, with credit cards from whom they can extract money, preferably on a subscription basis or whatever. The stuff that
children are getting access to is what are called teaser adverts. They are designed to draw people in to the harder stuff inside, you might say. The providers would be delighted to offer age verification right up front so long as all the others
have to comply as well -- otherwise they will get all the traffic. Children use up bandwidth. It costs the providers money and wastes their time, so they are very happy to go along with it. They will even help police it, for the simple reason
that it will block the opposition. It is one of the few times I approve of the larger companies getting a competitive advantage in helping to police the smaller sites that try not to comply.
One of the things that became apparent early on was that we will not be able to do anything about foreign sites. They will not answer mail or do anything, so blocking is probably the only thing that will work. We are delighted that the
Government has gone for that at this stage. Things need to get blocked fast or sites will get around it. So it is a case of block first, appeal later, and we will need a simple appeals system. I am sure that the BBFC will do a fine job, but we
need something just in case.
Another thing that came back from the ISPs is that they want more clarity about what should be blocked, how it will be done and what they will have to do. There also needs to be indemnity. When the ISPs block something for intellectual property
and copyright reasons, they are indemnified. They would need to have it for this as well, or there will be a great deal of reluctance, which will cause problems.
The next thing that came up was censorship. The whole point of this is we want to enforce online what is already illegal offline. We are not trying to increase censorship or censor new material. If it illegal offline, it should be illegal online
and we should be able to do something about it. This is about children viewing adult material and pornography online. I am afraid this is where I slightly disagree with the noble Baroness, Lady Kidron. We should decide what should be blocked
elsewhere; we should not use the Bill to block other content that adults probably should not be watching either. It is a separate issue. The Bill is about protecting children. The challenge is that the Obscene Publications Act has some
definitions and there is ATVOD stuff as well. They are supposed to be involved with time. CPS guidelines are out of step with current case law as a result of one of the quite recent cases -- so there is a bit of a mess that needs clearing up.
This is not the Bill to do it. We probably need to address it quite soon and keep the pressure on; that is the next step. But this Bill is about keeping children away from such material.
The noble Baroness, Lady Benjamin, made a very good point about social platforms. They are commercial. There are loopholes that will get exploited. It is probably unrealistic to block the whole of Twitter -- it would make us look like idiots. On
the other hand, there are other things we can do. This brings me to the point that other noble Lords made about ancillary service complaints. If we start to make the payment service providers comply and help, they will make it less easy for
those sites to make money. They will not be able to do certain things. I do not know what enforcement is possible. All these sites have to sign up to terms and conditions. Big retail websites such as Amazon sell films that would certainly come
under this category. They should put an age check in front of the webpage. It is not difficult to do; they could easily comply.
We will probably need an enforcer as well. The BBFC is happy to be a regulator, and I think it is also happy to inform ISPs which sites should be blocked, but other enforcement stuff might need to be done. There is provision for it in the Bill.
The Government may need to start looking for an enforcer.
Another point that has come up is about anonymity and privacy, which is paramount. Imagine the fallout if some hacker found a list of senior politicians who had had to go through an age-verification process on one of these websites, which would
mean they had accessed them. They could bring down the Government or the Opposition overnight. Noble Lords could all go to the MindGeek website and look at the statistics, where there is a breakdown of which age groups and genders are accessing
these websites. I have not dared to do so because it will show I have been to that website, which I am sure would show up somewhere on one of these investigatory powers web searches and could be dangerous.
One of the things the Digital Policy Alliance, which I chair, has done is sponsor a public available specification, which the BSI is behind as well. There is a lot privacy-enforcing stuff in that. It is not totally obvious; it is not finished
yet, and it is being highlighted a bit more. One thing we came up with is that websites should not store the identity of the people whom they age-check. In fact, in most cases, they will bounce straight off the website and be sent to someone
called an attribute provider, who will check the age. They will probably know who the person is, but they will send back to the website only an encrypted token which says, We've checked this person that you sent to us. Store this token. This
person is over 18 -- or under 18, or whatever age they have asked to be confirmed. On their side, they will just keep a record of the token but will not say to which website they have issued it -- they will not store that, either. The link
is the token, so if a regulator or social service had to track it down, they could physically take the token from the porn site to where it came from, the attribute provider, and say, Can you check this person's really over 18, because we
think someone breached the security? What went wrong with your procedures? They can then reverse it and find out who the person was -- but they could still perhaps not be told by the regulator which site it was. So there should be a security
cut-out in there. A lot of work went into this because we all knew the danger.
This is where I agree entirely with the Open Rights Group, which thinks that such a measure should be mandated. Although the publicly available specification, which is almost like a British standard, says that privacy should be mandated under
general data protection regulation out of Europe, which we all subscribe to, I am not sure that that is enough. It is a guideline at the end of the day and it depends on how much emphasis the BBFC decides to put on it. I am not sure that we
should not just put something in the Bill to mandate that a website cannot keep a person's identity. If the person after they have proved that they are 18 then decides to subscribe to the website freely and to give it credit card details and
stuff like that, that is a different problem -- I am not worried about that. That is something else. That should be kept extremely securely and I personally would not give my ID to such a site -- but at the age verification end, it must be
There are some other funny things behind the scenes that I have been briefed on, such as the EU VAT reporting requirements under the VAT Mini One Stop Shop, which requires sites to keep some information which might make a person identifiable.
That could apply if someone was using one of the attribute providers that uses a credit card to provide that check or if the website itself was doing that. There may be some things that people will have to be careful of. There are some perfectly
good age-checking providers out there who can do it without you having to give your details. So it is a good idea; I think that it will help. Let us then worry about the point that the noble Baroness, Lady Kidron, made so well about what goes
The universal service obligation should be territorial; it has to cover the country and not just everyone's homes. With the internet of things coming along -- which I am also involved in because I am chair of the Hypercat Alliance, which is
about resource discovery over the internet of things -- one of the big problems is that we are going to need it everywhere: to do traffic monitoring, people flows and all the useful things we need. We cannot have little not-spots, or the
Government will not be able to get the information on which to run all sorts of helpful control systems. The noble Lord, Lord Gordon of Strathblane, referred to mast sharing. The problem with it is that they then do not put masts in the
not-spots; they just keep the money and work off just one mast -- you still get the not-spots. If someone shares a mast, they should be forced a mast somewhere else, which they then share as well.
On broadband take-up, people say, Oh, well, people aren't asking for it . It is chicken and egg: until it is there, you do not know what it is good for. Once it is there and suddenly it is all useful, the applications will flow. We have
to look to the future; we have to have some vision. Let us get chicken or the egg out there and the chicken will follow -- I cannot remember which way round it is.
I agree entirely with the noble Lord, Lord Mitchell, that the problem with Openreach is that it will always be controlled by its holding company, which takes the investment, redirects it and decides where the money goes. That is the challenge
with having it overseeing.
I do not want waste much time, because I know that it is getting late-ish. On jobs, a huge number of jobs were created in earlier days in installing and maintaining internet of things sensors all over the place -- that will change. On the
gigabit stuff, it will save travel, energy and all sorts of things -- we might even do remote-control hip operations, so you send the device and the surgeon then does it remotely, once we get super-duper superfast broadband.
I want to say one thing about IP. The Open Rights Group raised having thresholds of seriousness. It is quite important that we do not start prosecuting people on charges with 10-year sentences for trivial things. But it is also sad how
interesting documentaries can disappear terribly quickly. The catch-up services cover only a month or so and if you are interested, it is quite nice being able to find these things out there on the internet a year or two later. There should
somehow be a publicly available archive for all the people who produce interesting documentaries. I do not know whether they should make a small charge for it, but it should be out there.
The Open Rights Group also highlighted the bulk sharing of data. Some of the stuff will be very useful -- the briefing on free school meals is interesting -- but if you are the only person who really knows what might be leaked, it is very
dangerous. If someone were to beat you up, an ordinary register could leak your address across without realising that at that point you are about to go into witness protection. There can be lots of problems with bulk data sharing, so be careful;
that is why the insurance database was killed off a few years ago. Apart from that, I thank your Lordships for listening and say that, in general, this is a good effort.?