The BBFC has made a pretty poor show of setting out guidelines for the technical implementation of age verification, and now the Stop Age Verification campaign has pointed out that the BBFC has made legal errors about text porn
The BBFC seems a little behind the curve in its role as porn censor. Its initial draft of its guidelines gave absolutely no concern for the safety and well being of porn users. The BBFC spoke of incredibly sensitive identity and browsing date
being entrusted to adult websites and age verifiers, purely on the forlorn hope that these companies would follow 'best practice' voluntary guidelines to keep the data safe. The BBFC offered next to no guidelines that defined how age verification
should work and what it really needs to do.
As time has moved on, it has obviously occurred to the BBFC or the government that this was simply not good enough, so we are now waiting on the implementation of some sort of kite marking scheme to try to provide at least a modicum of trust in
age verifiers to keep this sensitive data safe.
But even in this period of rework, the BBFC hasn't been keeping interested parties informed of what's going on. The BBFC seem very reluctant to advise or inform anyone of anything. Perhaps the rework is being driven by the government and maybe
the BBFC isn't in a position to be any more helpful.
Anyway it is interesting to note that in an
article from stopageverification.org.uk , that the BBFC has been reported to being overstepping the remit of the age verification laws contained in the Digital Economy Act:
All types of pornographic content are within the scope of the legislation. The legislation does not exclude audio or text from its definition of pornography. All providers of commercial online pornography to persons in the UK are required to
comply with the age-verification requirement.
Pornographic material is defined in s.15 of the act. This sets out nine categories of material. Material is defined in that section (15(2) as material means204 (a) a series of visual images shown as a moving picture, with or without sound; (b)
a still image or series of still images, with or without sound; or (c) sound;
It clearly doesn't mention text.
The BBFC need to be clear in their role as Age Verifier. They can only apply the law as enacted by Parliament. If they seek to go beyond that they could be at risk of court action.
The Observer today published an article generally supporting the upcoming porn censorship and age verification regime. It did have one interesting point to note though:
Brexit's impact on the pornography industry has gone unnoticed. But the chaos caused by the UK's disorderly exit from the European Union even stretches into the grubbier parts of cyberspace.
A new law forcing pornography users to prove that they are adults was supposed to be introduced early next month. But sources told the Observer that it may not be unveiled until after the Brexit impasse is resolved as the government, desperate
for other things to talk about, believes it will be a good news story that will play well with the public when it is eventually unveiled.
Comment: The illiberal Observer
25th March 2019. Thanks to Alan
Bloody hell! Have you seen this
fuckwittage from the purportedly liberal Observer?
Posh-boy churnalist Jamie (definitely not Jim) Doward regurgitates the bile of authoritarian feminist Gail Dines about the crackpot attempt to stop children accessing a bit of porn. This is total bollox.
It's getting on for sixty years since I spotted that my girl contemporaries were taking on a different and interesting shape - a phenomenon I researched by reference to two bodies of literature: those helpful little books for the amateur and
professional photographer in which each photo of a lady was accompanied by F number and exposure time and those periodicals devoted to naturism. This involved no greater subterfuge than taking off my school cap and turning up my raincoat collar
to hide my school tie. I would fervently hope that today's lads can run rings round parental controls and similar nonsense.
An informal group of MPs, the All Party Parliamentary Group on Social Media and Young People's Mental Health and Wellbeing has published a report calling for the establishment of an internet censor. The report clams:
80% of the UK public believe tighter regulation is needed to address the impact of social media on the health and wellbeing of young people.
63% of young people reported social media to be a good source of health information.
However, children who spend more than three hours a day using social media are twice as likely to display symptoms of mental ill health.
Pressure to conform to beauty standards perpetuated and praised online can encourage harmful behaviours to achieve "results", including body shame and disordered eating, with 46% of girls compared to 38% of all young people reporting
social media has a negative impacted on their self-esteem.
Establish a duty of care on all social media companies with registered UK users aged 24 and under in the form of a statutory code of conduct, with Ofcom to act as regulator.
Create a Social Media Health Alliance, funded by a 0.5% levy on the profits of social media companies, to fund research, educational initiatives and establish clearer guidance for the public.
Review whether the "addictive" nature of social media is sufficient for official disease classification.
Urgently commission robust, longitudinal research, into understanding the extent to which the impact of social media on young people's mental health and wellbeing is one of cause or correlation.
Chris Elmore MP, Chair of the APPG on Social Media on Young People's Mental Health and Wellbeing said:
"I truly think our report is the wakeup call needed to ensure - finally - that meaningful action is taken to lessen the negative impact social media is having on young people's mental health.
For far too long social media companies have been allowed to operate in an online Wild West. And it is in this lawless landscape that our children currently work and play online. This cannot continue. As the report makes clear, now is the time
for the government to take action.
The recommendations from our Inquiry are both sensible and reasonable; they would make a huge difference to the current mental health crisis among our young people.
I hope to work constructively with the UK Government in the coming weeks and months to ensure we see real changes to tackle the issues highlighted in the report at the earliest opportunity."
The House of Lords Communications Committee has called for a new, overarching censorship framework so that the services in the digital world are held accountable to an enforceable set of government rules.
The Lords Communications Committee writes:
In its report 'Regulating in a digital world' the committee notes that over a dozen UK regulators have a remit covering the digital world but there is no body which has complete oversight. As a result, regulation of the digital environment is
fragmented, with gaps and overlaps. Big tech companies have failed to adequately tackle online harms.
Responses to growing public concern have been piecemeal and inadequate. The Committee recommends a new Digital Authority, guided by 10 principles to inform regulation of the digital world.
The chairman of the committee, Lord Gilbert of Panteg , said:
"The Government should not just be responding to news headlines but looking ahead so that the services that constitute the digital world can be held accountable to an agreed set of principles.
Self-regulation by online platforms is clearly failing. The current regulatory framework is out of date. The evidence we heard made a compelling and urgent case for a new approach to regulation. Without intervention, the largest tech companies
are likely to gain ever more control of technologies which extract personal data and make decisions affecting people's lives. Our proposals will ensure that rights are protected online as they are offline while keeping the internet open to
innovation and creativity, with a new culture of ethical behaviour embedded in the design of service."
Recommendations for a new regulatory approach Digital Authority
A new 'Digital Authority' should be established to co-ordinate regulators, continually assess regulation and make recommendations on which additional powers are necessary to fill gaps. The Digital Authority should play a key role in providing the
public, the Government and Parliament with the latest information. It should report to a new joint committee of both Houses of Parliament, whose remit would be to consider all matters related to the digital world.
10 principles for regulation
The 10 principles identified in the committee's report should guide all regulation of the internet. They include accountability, transparency, respect for privacy and freedom of expression. The principles will help the industry, regulators, the
Government and users work towards a common goal of making the internet a better, more respectful environment which is beneficial to all. If rights are infringed, those responsible should be held accountable in a fair and transparent way.
Recommendations for specific action Online harms and a duty of care
A duty of care should be imposed on online services which host and curate content which can openly be uploaded and accessed by the public. Given the urgent need to address online harms, Ofcom's remit should expand to include responsibility for
enforcing the duty of care.
Online platforms should make community standards clearer through a new classification framework akin to that of the British Board of Film Classification. Major platforms should invest in more effective moderation systems to uphold their
Users should have greater control over the collection of personal data. Maximum privacy and safety settings should be the default.
Data controllers and data processors should be required to publish an annual data transparency statement detailing which forms of behavioural data they generate or purchase from third parties, how they are stored, for how long, and how they are
used and transferred.
The Government should empower the Information Commissioner's Office to conduct impact-based audits where risks associated with using algorithms are greatest. Businesses should be required to explain how they use personal data and what their
The modern internet is characterised by the concentration of market power in a small number of companies which operate online platforms. Greater use of data portability might help, but this will require more interoperability.
The Government should consider creating a public-interest test for data-driven mergers and acquisitions.
Regulation should recognise the inherent power of intermediaries.
Sky News has learned that the government has delayed setting a date for when age verification rules will come into force due to concerns regarding the security and human rights issues posed by the rules. A DCMS representative said:
This is a world-leading step forward to protect our children from adult content which is currently far too easy to access online.
The government, and the BBFC as the regulator, have taken the time to get this right and we will announce a commencement date shortly.
Previously the government indicated that age verification would start from about Easter but the law states that 3 months notice must be given for the start date. Official notice has yet to be published so the earliest it could start is already
The basic issue is that the Digital Economy Act underpinning age verification does not mandate that identity data and browsing provided of porn users should be protected by law. The law makers thought that GDPR would be sufficient for data
protection, but in fact it only requires that user consent is required for use of that data. All it requires is for users to tick the consent box, probably without reading the deliberately verbose or vague terms and conditions provided. After
getting the box ticked the age verifier can then do more or less what they want to do with the data.
Realising that this voluntary system is hardly ideal, and that the world's largest internet porn company Mindgeek is likely to become the monopoly gatekeeper of the scheme, the government has moved on to considering some sort of voluntary
kitemark scheme to try and convince porn users that an age verification company can be trusted with the data. The kitemark scheme would appoint an audit company to investigate the age verification implementations and to approve those that use
I would guess that this scheme is difficult to set up as it would be a major risk for audit companies to approve age verification systems based upon voluntary data protection rules. If an 'approved' company were later found to be selling,
misusing data or even getting hacked, then the auditor could be sued for negligent advice, whilst the age verification company could get off scot-free.
Pornhub and sister websites will soon require ID from users before being able to browse its porn.
The government most recently suggested that this requirement would start from about Easter this year, but this date has already slipped. The government will give 3 months notice of the start date and as this has not yet been announced, the
earliest start date is currently in June.
Pornhub and YouPorn will use the AgeID system, which requires users to identify themselves with an email address and a credit card, passport, driving licence or an age verified mobile phone number.
Metro.co.uk spoke to a spokesperson from AgeID to find out how it will work (and what you'll actually see when you try to log in). James Clark, AgeID spokesperson, said:
When a user first visits a site protected by AgeID, a landing page will appear with a prompt for the user to verify their age before they can access the site.
First, a user can register an AgeID account using an email address and password. The user verifies their email address and then chooses an age verification option from our list of 3rd party providers, using options such as Mobile SMS, Credit
Card, Passport, or Driving Licence.
The second option is to purchase a PortesCard or voucher from a retail outlet. Using this method, a customer does not need to register an email address, and can simply access the site using the Portes app.
Thereafter, users will be able to use this username/password combination to log into all porn sites which use the Age ID system.
It is a one-time verification, with a simple single sign-on for future access. If a user verifies on one AgeID protected site, they will not need to perform this verification again on any other site carrying AgeID.
The PortesCard is available to purchase from selected high street retailers and any of the UK's 29,000 PayPoint outlets as a voucher. Once a card or voucher is purchased, its unique validation code must be activated via the Portes app within 24
hours before expiring.
If a user changes device or uses a fresh browser, they will need to login with the credentials they used to register. If using the same browser/device, the user has a choice as to whether they wish to login every time, for instance if they are
on a shared device (the default option), or instead allow AgeID to log them in automatically, perhaps on a mobile phone or other personal device.
Clark claimed that AgeID's system does not store details of people's ID, nor does it store their browsing history. This sounds a little unconvincing and must be taken on trust. And this statement rather seems to be contradicted by a previous line
noting that user's email will be verified, so that piece of identity information at least will need to be stored and read.
The Portes App solution seems a little doubtful too. It claims not to log device data and then goes on to explain that the PortesCard needs to be locked to a device, rather suggesting that it will in fact be using device data. It will be
interesting to see what app permissions the app will require when installing. Hopefully it won't ask to read your contact list.
This AgeID statement rather leaves the AVSecure card idea in the cold. The AVSecure system of proving your age anonymously at a shop, and then obtaining a password for use on porn websites seems to be the most genuinely anonymous idea suggested
so far, but it will be pretty useless if it can't be used on the main porn websites.
The world's biggest internet companies including Facebook, Google and Twitter are represented by a trade group call The Internet Association. This organisation has written to UK government ministers to outline how they believe harmful online
activity should be regulated.
The letter has been sent to the culture, health and home secretaries. The letter will be seen as a pre-emptive move in the coming negotiation over new rules to govern the internet. The government is due to publish a delayed White Paper on online
harms in the coming weeks.
The letter outlines six principles:
"Be targeted at specific harms, using a risk-based approach
"Provide flexibility to adapt to changing technologies, different services and evolving societal expectations
"Maintain the intermediary liability protections that enable the internet to deliver significant benefits for consumers, society and the economy
"Be technically possible to implement in practice
"Provide clarity and certainty for consumers, citizens and internet companies
"Recognise the distinction between public and private communication"
Many leading figures in the UK technology sector fear a lack of expertise in government, and hardening public sentiment against the excesses of the internet, will push the Online Harms paper in a more radical direction.
Three of the key areas of debate are the definition of online harm, the lack of liability for third-party content, and the difference between public and private communication.
The companies insist that government should recognise the distinction between clearly illegal content and content which is harmful, but not illegal. If these leading tech companies believe this government definition of harm is too broad, their
insistence on a distinction between illegal and harmful content may be superseded by another set of problems.
The companies also defend the principle that platforms such as YouTube permit users to post and share information without fear that those platforms will be held liable for third-party content. Another area which will be of particular interest to
the Home Office is the insistence that care should be taken to avoid regulation encroaching into the surveillance of private communications.
We met to discuss BBFC's voluntary age verification privacy scheme, but BBFC did not attend. Open Rights Group met a number of age verification providers to discuss the privacy standards that they will be meeting when the scheme
launches, slated for April. Up to 20 million UK adults are expected to sign up to these products.
We invited all the AV providers we know about, and most importantly, the BBFC, at the start of February. BBFC are about to launch a voluntary privacy standard which some of the providers will sign up to. Unfortunately, BBFC have not committed to
any public consultation about the scheme, relying instead on a commercial provider to draft the contents with providers, but without wider feedback from privacy experts and people who are concerned about users.
We held the offices close to the BBFC's offices in order that it would be convenient for them to send someone that might be able to discuss this with us. We have been asking for meetings with BBFC about the privacy issues in the new code since
October 2018: but have not received any reply or acknowledgement of our requests, until this morning, when BBFC said they would be unable to attend today's roundtable. This is very disappointing.
BBFC's failure to consult the public about this standard, or even to meet us to discuss our concerns, is alarming. We can understand that BBFC is cautious and does not wish to overstep its relationship with its new masters at DCMS. BBFC may be
worried about ORG's attitude towards the scheme: and we certainly are critical. However, it is not responsible for a regulator to fail to talk to its potential critics.
We are very clear about our objectives. We are acting to do our best to ensure the risk to adult users of age verification technologies are minimised. We do not pose a threat to the scheme as a whole: listening to us can only result in making the
pornographic age verification scheme more likely to succeed, and for instance, to avoid catastrophic failures.
Privacy concerns appear to have been recognised by BBFC and DCMS as a result of consultation responses from ORG supporters and others, which resulted in the voluntary privacy standard. These concerns have also been highlighted by Parliament,
whose regulatory committee expressed surprise that the Digital Economy Act 2017 had contained no provision to deal with the privacy implications of pornographic age verification.
Today's meeting was held to discuss:
What the scheme is likely to cover; and what it ideally should cover;
Whether there is any prospect of making the scheme compulsory;
What should be done about non-compliant services;
What the governance of the scheme should be in the long tern, for instance whether it might be suitable to become an ICO backed code, or complement such as code
As we communicated to BBFC in December 2018, we have considerable worries about the lack of consultation over the standard they are writing, which appears to be truncated in order to meet the artificial deadline of April this year. This is what
we explained to BBFC in our email:
Security requires as many perspectives to be considered as possible.
The best security standards eg PCI DSS are developed in the open and iterated
The standards will be best if those with most to lose are involved in the design.
For PCI DSS, the banks and their customers have more to lose than the processors
For Age Verification, site users have more to lose than the processors, however only the processors seem likely to be involved in setting the standard
We look forward to BBFC agreeing to meet us to discuss the outcome of the roundtable we held about their scheme, and to discuss our concerns about the new voluntary privacy standard. Meanwhile, we will produce a note from the meeting, which we
believe was useful. It covered the concerns above, and issues around timing, as well as strategies for getting government to adjust their view of the absence of compulsory standards, which many of the providers want. In this, BBFC are a critical
actor. ORG also intends as a result of the meeting to start to produce a note explaining what an effective privacy scheme would cover, in terms of scope, risks to mitigate, governance and enforcement for participants.
In 2017, Chelsea Russell, a Liverpool teenager with Asperger's syndrome, paid tribute on her Instagram profile to a 13-year-old friend who died when he was hit by a car. She quoted the lyrics of a rap song, I'm Trippin" by Snap Dogg,
alongside the phrase 'RIP Frankie Murphy. Many other teenagers used the lyrics to pay tribute to Murphy.
A year later, Russell's profile came to the attention of the police, who decided to arrest her and have her charged. The lyrics she quoted Kill a snitch nigga, rob a rich nigga were found in court to be grossly offensive and Russell was
convicted of a hate crime . For nothing more than quoting rap lyrics, she was placed on an eight-week, 8am-to-8pm curfew, fitted with an ankle tag, and fined £585.
Last week, the conviction was overturned on appeal. Russell's defence lawyer slammed the initial verdict as ridiculous, akin to the actions of a totalitarian state.
Offsite Comment: Chelsea Russell and the depravity of PC
Social media companies face criminal sanctions for failing to protect children from online harms, according to drafts of the Government's White Paper circulating in Whitehall.
Civil servants are proposing a new corporate offence as an option in the White Paper plans for a tough new censor with the power to force social media firms to take down illegal content and to police legal but harmful material.
They see criminal sanctions as desirable and as an important part of a regulatory regime, said one source who added that there's a recognition particularly on the Home Office side that this needs to be a regulator with teeth. The main issue they
need to satisfy ministers on is extra-territoriality, that is can you apply this to non-UK companies like Facebook and YouTube? The belief is that you can.
The White Paper, which is due to published mid-March followed by a Summer consultation, is not expected to lay out as definitive a plan as previously thought. A decision on whether to create a brand new censor or use Ofcom is expected to be left
open. A Whitehall source said:
Criminal sanctions are going to be put into the White Paper as an option. We are not necessarily saying we are going to do it but these are things that are open to us. They will be allied to a system of fines amounting to 4% of global turnover
or Euros 20m, whichever is higher.
Government minister Jeremy Wright told the Telegraph this week he was especially focused on ensuring that technology companies enforce minimum age standards. He also indicated the Government w ould fulfill a manifesto commitment to a levy on
social media firms, that could fund the new censorr.
Internet Watch Foundation's (IWF) CEO, Susie Hargreaves OBE, puts forward a voice of reason by urging politicians and policy makers to take a balanced approach to internet regulation which avoids a heavy cost to the victims of child sexual
IWF has set out its views on internet regulation ahead of the publication of the Government's Online Harms White Paper. It suggests that traditional approaches to regulation cannot apply to the internet and that human rights should play a big
role in any regulatory approach.
The IWF, as part of the UK Safer Internet Centre, supports the Government's ambition to make the UK the safest place in the world to go online, and the best place to start a digital business.
IWF has a world-leading reputation in identifying and removing child sexual abuse images and videos from the internet. It takes a co-regulatory approach to combating child sexual abuse images and videos by working in partnership with the internet
industry, law enforcement and governments around the world. It offers a suite of tools and services to the online industry to keep their networks safer. In the past 22 years, the internet watchdog has assessed -- with human eyes -- more than 1
Ms Hargreaves said:
Tackling criminal child sexual abuse material requires a global multi-stakeholder effort. We'll use our 22 years' experience in this area to help the government and policy makers to shape a regulatory framework which is sustainable and puts
victims at its heart. In order to do this, any regulation in this area should be developed with industry and other key stakeholders rather than imposed on them.
We recommend an outcomes-based approach where the outcomes are clearly defined and the government should provide clarity over the results it seeks in dealing with any harm. There also needs to be a process to monitor this and for any results to
be transparently communicated.
But, warns Ms Hargreaves, any solutions should be tested with users including understanding impacts on victims: "The UK already leads the world at tackling online child sexual abuse images and videos but there is definitely more that can be
done, particularly in relation to tackling grooming and livestreaming, and of course, regulating harmful content is important.
My worries, however, are about rushing into knee-jerk regulation which creates perverse incentives or unintended consequences to victims and could undo all the successful work accomplished to date. Ultimately, we must avoid a heavy cost to
victims of online sexual abuse.
Index on Censorship welcomes a report by the House of Commons Digital, Culture, Media and Sport select committee into disinformation and fake news that calls for greater transparency on social media companies' decision making processes, on
who posts political advertising and on use of personal data. However, we remain concerned about attempts by government to establish systems that would regulate harmful content online given there remains no agreed definition of harm in this
context beyond those which are already illegal.
Despite a number of reports, including the government's Internet Safety Strategy green paper, that have examined the issue over the past year, none have yet been able to come up with a definition of harmful content that goes beyond definitions of
speech and expression that are already illegal. DCMS recognises this in its report when it quotes the Secretary of State Jeremy Wright discussing the difficulties surrounding the definition. Despite acknowledging this, the report's authors
nevertheless expect technical experts to be able to set out what constitutes harmful content that will be overseen by an independent regulator.
International experience shows that in practice it is extremely difficult to define harmful content in such a way that would target only bad speech. Last year, for example, activists in Vietnam wrote an open letter to Facebook complaining that
Facebook's system of automatically pulling content if enough people complained could silence human rights activists and citizen journalists in Vietnam , while Facebook has shut down the livestreams of people in the United States using the
platform as a tool to document their experiences of police violence.
Index on Censorship chief executive Jodie Ginsberg said:
It is vital that any new system created for regulating social media protects freedom of expression, rather than introducing new restrictions on speech by the back door. We already have laws to deal with harassment, incitement to violence, and
incitement to hatred. Even well-intentioned laws meant to tackle hateful views online often end up hurting the minority groups they are meant to protect, stifle public debate, and limit the public's ability to hold the powerful to account.
The select committee report provides the example of Germany as a country that has legislated against harmful content on tech platforms. However, it fails to mention the German Network Reinforcement Act was legislating on content that was already
considered illegal, nor the widespread criticism of the law that included the UN rapporteur on freedom of expression and groups such as Human Rights Watch. It also cites the fact that one in six of Facebook's moderators now works in Germany as
practical evidence that legislation can work. Ginsberg said:
The existence of more moderators is not evidence that the laws work. Evidence would be if more harmful content had been removed and if lawful speech flourished. Given that there is no effective mechanism for challenging decisions made by
operators, it is impossible to tell how much lawful content is being removed in Germany. But the fact that Russia, Singapore and the Philippines have all cited the German law as a positive example of ways to restrict content online should give
Index has reported on various examples of the German law being applied incorrectly, including the removal of a tweet of journalist Martin Eimermacher criticising the double standards of tabloid newspaper Bild Zeitung and the blocking of the
Twitter account of German satirical magazine Titanic. The Association of German Journalists (DJV) has said the Twitter move amounted to censorship, adding it had warned of this danger when the German law was drawn up.
Index is also concerned about the continued calls for tools to distinguish between quality journalism and unreliable sources, most recently in the Cairncross Review . While we recognise that the ability to do this as individuals and through
education is key to democracy, we are worried that a reliance on a labelling system could create false positives, and mean that smaller or newer journalism outfits would find themselves rejected by the system.
The Digital, Culture, Media and Sport Committee has published its final report on Disinformation and 'fake news'. The report calls for:
Compulsory Code of Ethics for tech companies overseen by independent regulator
Regulator given powers to launch legal action against companies breaching code
Government to reform current electoral communications laws and rules on overseas involvement in UK elections
Social media companies obliged to take down known sources of harmful content, including proven sources of disinformation
Further finds that:
Electoral law 'not fit for purpose'
Facebook intentionally and knowingly violated both data privacy and anti-competition laws
Damian Collins MP, Chair of the DCMS Committee said:
"Our inquiry over the last year has identified three big threats to our society. The challenge for the year ahead is to start to fix them; we cannot delay any longer.
"Democracy is at risk from the malicious and relentless targeting of citizens with disinformation and personalised 'dark adverts' from unidentifiable sources, delivered through the major social media platforms we use everyday. Much of this
is directed from agencies working in foreign countries, including Russia.
"The big tech companies are failing in the duty of care they owe to their users to act against harmful content, and to respect their data privacy rights.
"Companies like Facebook exercise massive market power which enables them to make money by bullying the smaller technology companies and developers who rely on this platform to reach their customers.
"These are issues that the major tech companies are well aware of, yet continually fail to address. The guiding principle of the 'move fast and break things' culture often seems to be that it is better to apologise than ask permission.
"We need a radical shift in the balance of power between the platforms and the people. The age of inadequate self regulation must come to an end. The rights of the citizen need to be established in statute, by requiring the tech companies
to adhere to a code of conduct written into law by Parliament, and overseen by an independent regulator.
"We also have to accept that our electoral regulations are hopelessly out of date for the internet age. We need reform so that the same principles of transparency of political communications apply online, just as they do in the real world.
More needs to be done to require major donors to clearly establish the source of their funds.
"Much of the evidence we have scrutinised during our inquiry has focused on the business practices of Facebook; before, during and after the Cambridge Analytica data breach scandal.
"We believe that in its evidence to the Committee Facebook has often deliberately sought to frustrate our work, by giving incomplete, disingenuous and at times misleading answers to our questions.
"Even if Mark Zuckerberg doesn't believe he is accountable to the UK Parliament, he is to the billions of Facebook users across the world. Evidence uncovered by my Committee shows he still has questions to answer yet he's continued to duck
them, refusing to respond to our invitations directly or sending representatives who don't have the right information. Mark Zuckerberg continually fails to show the levels of leadership and personal responsibility that should be expected from
someone who sits at the top of one of the world's biggest companies.
"We also repeat our call to the Government to make a statement about how many investigations are currently being carried out into Russian interference in UK politics. We want to find out what was the impact of disinformation and voter
manipulation on past elections including the UK Referendum in 2016 and are calling on the Government to launch an independent investigation."
This Final Report on Disinformation and 'Fake News' repeats a number of recommendations from the interim report published last summer. The Committee calls for the Government to reconsider a number of recommendations to which it did not respond
and to include concrete proposals for action in its forthcoming White Paper on online harms.
Independent regulation of social media companies.
The Report repeats a recommendation from the Interim Report for clear legal liabilities to be established for tech companies to act against harmful or illegal content on their sites, and the report calls for a compulsory Code of Ethics defining
what constitutes harmful content. An independent regulator should be responsible for monitoring tech companies, backed by statutory powers to launch legal action against companies in breach of the code.
Companies failing obligations on harmful or illegal content would face hefty fines. MPs conclude: "Social media companies cannot hide behind the claim of being merely a 'platform' and maintain that they have no responsibility themselves in
regulating the content of their sites."
The Report's recommendation chimes with recent statements by Ministers indicating the Government is prepared to regulate social media companies following the death of teenager Molly Russell. The Committee hopes to see firm recommendations for
legislation in the White Paper to create a regulatory system for online content that is as effective as that for offline content.
It repeats its recommendation for new independent regulation to be funded by a levy on tech companies operating in the UK.
Data use and data targeting
The Report highlights Facebook documents obtained by the Committee and published in December 2018 relating to a Californian court case brought by app developer Six4Three. Through scrutiny of internal Facebook emails between 2011 and 2015, the
Report finds evidence to indicate that the company was willing to: override its users' privacy settings in order to transfer data to some app developers; to charge high prices in advertising to some developers, for the exchange of data, and
starve some developers--such as Six4Three--of that data, contributing to them losing their business. MPs conclude: "It is evident that Facebook intentionally and knowingly violated both data privacy and anti-competition laws."
It recommends that the ICO carries out a detailed investigation into the practices of the Facebook platform, its use of users' and users' friends' data, and the use of 'reciprocity' of the sharing of data. The CMA (Competition and Markets
Authority) should conduct a comprehensive audit of the advertising market on social media and investigate whether Facebook has been involved in anti-competitive practices.
MPs note that Facebook, in particular, is unwilling to be accountable to regulators around the world: "By choosing not to appear before the Committee and by choosing not to respond personally to any of our invitations, Mark Zuckerberg has
shown contempt towards both our Committee and the 'International Grand Committee' involving members from nine legislators from around the world."
Christian Concern writes a long article criticising the relaxation of UK obscenity law and concludes:
We need your help to monitor the mainstreaming of sado-masochism and extreme pornography in British society from now on. Christians have a unique calling to shed the light of the Gospel on this problem, and to provide a witness to redemption in
a society that has completely lost its way regarding sexual ethics.
2018 was a pivotal year for data protection. First the Cambridge Analytica scandal put a spotlight on Facebook's questionable privacy practices. Then the new Data Protection Act and the General Data Protection Regulation (GDPR) forced
businesses to better handle personal data.
As these events continue to develop, 2019 is shaping up to be a similarly consequential year for free speech online as new forms of digital censorship assert themselves in the UK and EU.
Of chief concern in the UK are several initiatives within the Government's grand plan to "make Britain the safest place in the world to be online", known as the Digital Charter. Its founding document proclaims "the same rights that
people have offline must be protected online." That sounds a lot like Open Rights Group's mission! What's not to like?
Well, just as surveillance programmes created in the name of national security proved detrimental to privacy rights, new Internet regulations targeting "harmful content" risk curtailing free expression.
The Digital Charter's remit is staggeringly broad. It addresses just about every conceivable evil on the Internet from bullying and hate speech to copyright infringement, child pornography and terrorist propaganda. With so many initiatives
developing simultaneously it can be easy to get lost.
To gain clarity, Open Rights Group published a report surveying the current state of digital censorship in the UK . The report is broken up into two main sections - formal censorship practices like copyright and pornography blocking, and informal
censorship practices including ISP filtering and counter terrorism activity. The report shows how authorities, while often engaging in important work, can be prone to mistakes and unaccountable takedowns that lack independent means of redress.
Over the coming weeks we'll post a series of excerpts from the report covering the following:
Formal censorship practices
Copyright blocking injunctions
BBFC pornography blocking
BBFC requests to "Ancillary Service Providers"
Informal censorship practices
Nominet domain suspensions
The Counter Terrorism Internet Referral Unit (CTIRU)
The Internet Watch Foundation (IWF)
ISP content filtering
The big picture
Take a step back from the many measures encompassed within the Digital Charter and a clear pattern emerges. When it comes to web blocking, the same rules do not apply online as offline. Many powers and practices the government employs to remove
online content would be deemed unacceptable and arbitrary if they were applied to offline publications.
Part II of our report is in the works and will focus on threats to free speech within yet another branch of the Digital Charter known as the Internet Safety Strategy.
There is every reason to believe that the government and opposition are moving to a consensus on introducing a duty of care for social media companies to reduce harm and risk to their users. This may be backed by an Internet regulator, who
might decide what kind of mitigating actions are appropriate to address the risks to users on different platforms.
This idea originated from a series of papers by Will Perrin and Lorna Woods and has been mentioned most recently in a recent Science and Technology committee report and by NGOs including children's charity 5Rights.
A duty of care has some obvious merits: it could be based on objective risks, based on evidence, and ensure that mitigations are proportionate to those risks. It could take some of the politicisation out of the current debate.
However, it also has obvious problems. For a start, it focuses on risk rather than process . It moves attention away from the fact that interventions are regulating social media users just as much as platforms. It does not by itself tell us that
free expression impacts will be considered, tracked or mitigated.
Furthermore, the lack of focus that a duty of care model gives to process means that platform decisions that have nothing to do with risky content are not necessarily based on better decisions, independent appeals and so on. Rather, as has
happened with German regulation, processes can remain unaffected when they are outside a duty of care.
In practice, a lot of content which is disturbing or offensive is already banned on online platforms. Much of this would not be in scope under a duty of care but it is precisely these kinds of material which users often complain about, when it is
either not removed when they want it gone, or is removed incorrectly. Any model of social media regulation needs to improve these issues, but a duty of care is unlikely to touch these problems.
There are very many questions about the kinds of risk, whether to individual in general, vulnerable groups, or society at large; and the evidence required to create action. The truth is that a duty of care, if cast sensibly and narrowly, will not
satisfy many of the people who are demanding action; equally, if the threshold to act is low, then it will quickly be seen to be a mechanism for wide-scale Internet censorship.
It is also a simple fact that many decisions that platforms make about legal content which is not risky are not the business of government to regulate. This includes decisions about what legal content is promoted and why. For this reason, we
believe that a better approach might be to require independent self-regulation of major platforms across all of their content decisions. This requirement could be a legislative one, but the regulator would need to be independent of government and
Independent self-regulation has not been truly tried. Instead, voluntary agreements have filled its place. We should be cautious about moving straight to government regulation of social media and social media users. The government refuses to
regulate the press in this way because it doesn't wish to be seen to be controlling print media. It is pretty curious that neither the media nor the government are spelling out the risks of state regulation of the speech of millions of British
That we are in this place is of course largely the fault of the social media platforms themselves, who have failed to understand the need and value of transparent and accountable systems to ensure they are acting properly. That, however, just
demonstrates the problem: politically weak platforms who have created monopoly positions based on data silos are now being sliced and diced at the policy table for their wider errors. It's imperative that as these government proposals progress we
keep focus on the simple fact that it is end users whose speech will ultimately be regulated.
Wrangling in Whitehall has held up plans to set up a social media censor dubbed Ofweb, The Mail on Sunday reveals.
The Government was due to publish a White Paper this winter on censorship of tech giants but this Mail has learnt it is still far from ready. Culture Secretary Jeremy Wright said it would be published within a month, but a Cabinet source said
that timeline was wholly unrealistic. Other senior Government sources went further and said the policy document is unlikely to surface before the Spring.
Key details on how a new censor would work have yet to be decided while funding from the Treasury has not yet been secured. Another problem is that some Ministers believe the proposed clampdown is too draconian and are preparing to try to block
or water down the plan.
There are also concerns that technically difficult requirements would benefit the largest US companies as smaller European companies and start ups would not be able to afford the technology and development required.
The Mail on Sunday understands Jeremy Wright has postponed a visit to Facebook HQ in California to discuss the measures, as key details are still up in the air.
Update: The Conservatives don't have a monopoly on internet censorship...Labour agrees
Labour has called for a new entity capable of taking on the likes of Facebook and Google. Tom Watson, the shadow digital secretary, will on Wednesday say a regulator should also have responsibility for competition policy and be able to refer
cases to the Competition and Markets Authority.
According to Watson, any duty of care would only be effective with penalties that seriously affect companies' bottom lines. He has referred to regulators' ability to fine companies up to 4% of global turnover, or euro 20m, whichever is higher,
for worst-case breaches of the EU-wide General Data Protection Regulation.
The upcoming UK internet porn censorship regime being introduced later this year has set the UK authorities to thinking about a more rational set of laws governing what porn is legal and what porn is illegal in the UK. It makes a lot of sense to
get the UK stall straight before the commencement of the new censorship regime.
The most contradictory area of porn law is that often referred to as 'beyond R18 porn'. This includes material historically banned by the Crown Prosecution Service (CPS) claiming obscenity, ie fisting, golden showers, BDSM, female ejaculation,
and famously from a recent anti censorship campaign, face sitting/breath play. Such material is currently cut from R18s, as censored and approved by the BBFC.
When the age verification law first came before parliament, 'beyond R18' porn was set to be banned outright. However as some of these categories are commonplace in worldwide porn, then the BBFC would have had to block practically all the porn
websites in the world, leaving hardly any that stuck to R18 guidelines that would be acceptable for viewing after age verification. So the lawmakers dropped the prohibition, and this 'beyond R18' material will now be acceptable for viewing after
age verification. This leaves the rather clear contradiction that the likes of fisting and female ejaculation would be banned or cut by the BBFC for sale in UK sex shops, but would have to be allowed by the BBFC for viewing online.
This contradiction has now been squared by the government deciding that 'beyond R18' pornography is now legal for sale in the UK. So the BBFC will now have a unified set of rules, specified by the CPS, covering both the censorship of porn sales
in the UK and the blocking of foreign websites.
This legalisation of 'beyond R18' porn will surely disappoint a few censorial politicians in the House of Lords, notably Elspeth Howe. She has already tabled a private members bill to restore the ban on any foreign websites including 'beyond R18'
porn. Her bill has now been rendered mostly irrelevant.
However there is still one genre of pornography that is sticking out of line, and that is cartoon porn featuring under age characters. Such porn is widespread in anime but strictly banned under UK law. So given the large amounts of Japanese
Hentai porn on the most popular tube sites in the world, then those videos could still be an issue for the viability of the age classification regime and could still end up with all the major porn sites in the world banned.
The new CPS censorship rules
The new rules have already come into force, they started on 28th January 2019.
A CPS spokesperson confirmed the change saying
It is not for the CPS to decide what is considered good taste or objectionable. We do not propose to bring charges based on material that depicts consensual and legal activity between adults, where no serious harm is caused and the likely
audience is over the age of 18.
The CPS will, however, continue to robustly apply the law to anything which crosses the line into criminal conduct and serious harm.
It seems a little bit rich for the CPS to claim that It is not for the CPS to decide what is considered good taste or objectionable, when they have happily been doing exactly that for the last 30 years.
The CPS originally outlined the new rules in a public consultation that started in July 2018. The key proposals read:
When considering whether the content of an article is “obscene”, prosecutors
should distinguish between:
Content showing or realistically depicting criminal conduct (whether
non-consensual activity, or consensual activity where serious harm is
caused), which is likely to be obscene;
Content showing or realistically depicting other conduct which is lawful,
which is unlikely to be obscene.
Do consultees agree or disagree with the guidance that prosecutors must exercise real caution when dealing with the moral nature of acts not criminalized by law, and that the showing or realistic depiction of sexual
activity / pornography which does not constitute acts or conduct contrary to the criminal law is unlikely to be obscene?
The following conduct (notwithstanding previous guidance indicating otherwise) will not likely fall to be prosecuted under the Act:
Activity involving bodily substances (including urine, vomit, blood and faeces)
Infliction of pain / torture
Bondage / restraint
Placing objects into the urethra
Any other sexual activity not prohibited by law
It is consensual;
No serious harm is caused;
It is not otherwise inextricably linked with other criminality; and
The likely audience is not under 18 or otherwise vulnerable.
When considering whether the content of an article is "obscene", prosecutors should distinguish between:
Content relating to criminal conduct (whether non-consensual activity, or consensual activity where serious harm is caused, or otherwise inextricably linked to criminality), which is likely to be obscene;
Content relating to other non-criminal conduct, which is unlikely to be obscene, provided the audience is not young or otherwise vulnerable.
Conduct will not likely fall to be prosecuted under the Act provided that:
It is consensual (focusing on full and freely exercised consent, and also where the provision of consent is made clear where such consent may not be easily determined from the material itself); and
No serious harm is caused (whether physical or other, and applying the guidance above at paragraph 17); and
It is not otherwise inextricably linked with other criminality (so as to encourage emulation or fuelling interest or normalisation of criminality); and
The likely audience is not under 18 (having particular regard to where measures have been taken to ensure that the audience is not under 18) or otherwise vulnerable (as a result of their physical or mental health, the circumstances in which
they may come to view the material, the circumstances which may cause the subject matter to have a particular impact or resonance or any other relevant circumstance).
Note that extreme pornography is considered illegal so will likely be considered obscene too. But the CPS adds a few additional notes of harmful porn that will continue to be illegal:
Publications which show or depict the infliction of serious harm may be considered to be obscene publications because they show criminal assault notwithstanding the consent of the victim. This includes dismemberment and graphic mutilation. It
includes asphyxiation causing unconsciousness, which is more than transient and trifling, and given its danger is serious.
So it seems that breath play will be allowed as long as it doesn't lead to unconsciousness. Another specific rule is that gags do not in themselves imply a lack of consent:
Non-consent for adults must be distinguished from consent to relinquish control. The presence of a gag or other forms of bondage does not, without more, suffice to confirm that sexual activity was non-consensual.
The BBFC changes its R18 rules
The BBFC has several roles, it works in an advisory role when classifying cinema films, it works as an independent and mandatory censor when classifying mainstream videos, but it works directly under government rules when censoring pornographic
films. And in this last role, it uses unpublished guidelines based on rules provided by the CPS.
The BBFC has informed BBC News that it will indeed use the updated CPS guidelines when censoring porn. The BBC explains:
The BBFC's guidelines forbid material judged to be obscene under the current interpretation of the Obscene Publications Act.
A spokeswoman told the BBC: Because the Obscene Publications Act does not define what types of material are likely to be considered obscene, we rely upon guidance from the Crown Prosecution Service (CPS) as to what classes of material they
consider likely to be suitable for prosecution.
We are aware that the CPS have updated their guidance on Obscene Publications today and we have now adjusted our own internal policies to reflect that revised guidance.
Myles Jackman And Pandora Blake
And a thank you to two of the leading campaigners calling for the CPS to lighten up on its censorship rules.
Obscenity lawyer Myles Jackman, who has campaigned for these changes for a number of years, told Yahoo News UK that the change had wider implications for the law. He said:
"It is a very impressive that they've introduced the idea of full and freely exercised consent in the law.
"Even for people with no interest in pornography this is very important for consent and bodily autonomy."
Activist and queer porn filmmaker Pandora Blake, who also campaigned to have the ban on the depiction of certain sex acts overturned, called the news a 'welcome improvement'. They said:
"This is a happy day for queer, feminist and fetish porn."
Acts that were banned that can now be depicted include:
The U.K. government is rushing to finalize a draft internet censorship law particularly targeting social media but key details of the proposal have yet to be finalised amid concerns about stifling innovation.
Government officials have been meeting with industry players, MPs, peers and other groups over the past month as they try to finalise their proposals.
People involved in those discussions said there is now broad agreement about the need to impose a new duty of care on big tech companies, as well as the need to back up their terms and conditions with the force of law.
A white paper is due be published by the end of winter. But the Department for Digital, Culture, Media and Sport, which is partly responsible for writing up the new rules alongside the Home Office, is still deliberating over key aspects with just
weeks to go until the government said it would unveil an outline of its proposals.
Among the sticking points are worries that regulation could stifle innovation in one of the U.K. economy's most thriving sectors and concerns over whether it can keep pace with rapid technological change. Another is ensuring sufficient political
support to pass the law despite likely opposition from parts of the Conservative Party. A third is deciding what regulatory agency would ultimately be responsible for enforcing the so-called Internet Safety Law.
A major unresolved question is what censorship body will be in charge of enforcing laws that could expose big tech companies to greater liability for hosted content, a prospect that firms including Google and Facebook have fought at the European
Several people who spoke to POLITICO said the government does not appear to have settled on who would be the censor, although the communications regulator Ofcom is very much in the mix, however there are concerns that Ofcom is already getting too
InternetMatters.org is group funded by UK internet and telecoms companies with the aim of promoting their role in internet safety.
The group has now published a survey supporting the government's upcoming introduction of age verification requirements for porn websites. The results reveal:
83% feel that commercial porn sites should demand users verify their age before they're able to access content.
76% of UK parents feel there should be greater restrictions online to stop kids seeing adult content.
69% of parents of children aged four to 16 say they're confident the government's new ID restrictions will make a difference.
However 17% disagreed with commercial porn sites requiring ID from their users. And the use of data was the biggest obstacle for those parents opposed to the plans. Of those parents who are anti-age verification, 30% said they wouldn't trust
age-verification companies with their personal data.
While 18% of parents claim they expect kids would find a way to get around age-verification and a further 13% claim they're unsure that it would actually reduce the number of children accessing pornography. Age-verification supported by experts
gaystarnews.com has published an article outlining the dangers of porn viewers submitting their identity data and browsing history to age verifiers and their websites. The article explains that the dangers for gay porn viewers are even mor
pronounced that for straight viewers. The artisle illustrates this with an example:
David Bridle, the publisher of Dirty Boyz , announced in October that last month's issue of the magazine would be its last. He said:
Following the Conservative government's decision ... to press ahead with new regulations forcing websites which make money from adult content to carry an age verification system ... Dirtyboyz and its website dirtyboyz.xxx have made the decision
The new age verification system will be mostly run by large adult content companies which themselves host major "Tube" style porn sites. 'It would force online readers of Dirtyboyz to publicly declare themselves.
Open Rights Group executive director, Jim Killock, told GSN the privacy of users needs protecting:
The issue with age verification systems is that they need to know it's you. This means there's a strong likelihood that it will basically track you and know what you're watching. And that's data that could be very harmful to people.
It could cause issues in relationships. Or it could see children outed to their parents. It could mean people are subjected to scams and blackmail if that data falls into criminal hands. Government response
A spokesperson for the Department of Culture, Media and Sport (DCMS) told Gay Star News:
Pornographic websites and age verification services will be subject to the UK's existing high standard of data protection legislation. The Data Protection Act 2018 provides a comprehensive and modern framework for data protection, with strong
sanctions for malpractice and enforced by the Information Commissioner's Office.
But this is bollox, the likes of Facebook and Google are allowed to sell browsing data for eg targeted advertising within the remit of GDPR. And targeted advertising could be enough in itself to out porn viewers.
UK-based porn viewers seem to be filling their boots before the government's age check kicks in as traffic to xHamster rose 6% in 2018
According to xHamster's Alex Hawkins, the trend is typical of countries in which plans to block online pornography becomes national news. It seems the more you talk about it, the more people feel invested in it as a right, he said.
The government has promised a minimum of three months for industry and the public to prepare for age verification, meaning they are likely to come into force around Easter. However this is a little unfair to websites as the BBFC has not yet
established the process by which age verification services will be kitemarked and approved as promising to keep porn viewers identity and/or browsing history acceptably safe. For the moment websites do not know which services will be deemed
Countries that have restrictions already in place showed, unsurprisingly, a decline in visitors. Traffic from China fell 81% this year, which xHamster put down to the nation's ban on VPNs and $80,000 cash rewards for people who shopped sites
hosting illegal content, like porn.
Elsewhere, the report showed an increase in the number of female visitors to the site -- up 42% in the US and 12.3% worldwide -- a trend Hawkins predicted would continue into 2019.
The government has published Online Pornography (Commercial Basis) Regulations 2019 which defines which websites get caught up in upcoming internet porn censorship requirements and how social media websites are excused from the censorship.
These new laws will come into force on the day that subsection (1) of section 14 of the Digital Economy Act 2017 comes fully into force. This is the section that introduces porn censorship and age verification requirements. This date has not yet
been announced but the government has promised to give at least 3 months notice.
So now websites which are more than one-third pornographic content or else those that promote themselves as pornographic will be obliged to verify the age of UK visitors under. However the law does not provide any specific protection for porn
viewers' data beyond the GDPR requirements to obtain nominal consent before using the data obtained for any purpose the websites may desire.
The BBFC and ICO will initiate a voluntary kitemark scheme so that porn websites and age verification providers can be audited as holding porn browsing data and identity details responsibly. This scheme has not yet produced any audited providers
so it seems a little unfair to demand that websites choose age verification technology before service providers are checked out.
It all seems extraordinarily dangerous for porn users to submit their identity to adult websites or age verification providers without any protection under law. The BBFC has offered worthless calls for these companies to handle data responsibly,
but so many of the world's major website companies have proven themselves to be untrustworthy, and hackers, spammers, scammers, blackmailers and identity thieves are hardly likely to take note of the BBFC's fine words eg suggesting 'best
practice' when implementing age verification.
Neil Brown, the MD of law firm decoded.legal told Sky News:
It is not clear how this age verification will be done, and whether it can be done without also have to prove identity, and there are concerns about the lack of specific privacy and security safeguards.
Even though this legislation has received quite a lot of attention, I doubt most internet users will be aware of what looks like an imminent requirement to obtain a 'porn licence' before watching pornography online.
The government's own impact assessment recognises that it is not guaranteed to succeed, and I suspect we will see an increase in advertising from providers in the near future.
It would seem particularly stupid to open one up to the dangers of have browsing and identity tracked, so surely it is time to get oneself protected with a VPN, which enables one to continue accessing porn without having to hand over identity
Kirsty Brimelow QC is the new chairwoman of the independent appeals panel for the age verification regime of the British Board of Film Classification. The panel will oversee attempts to prevent children gaining access to adult content online.
The initial term is for 3 years in the post
Parliament's Regulatory Policy Committee (RPC) has reported that the government's approach to internet porn censorship and age verification is fit for purpose, but asks a few important questions about how safe it is for porn viewers.
The RPC was originally set up a decade ago to help cut red tape by independently checking government estimates of how much complying with new laws and regulations would cost the private sector. Of curse all it has achieved is to watch the western
world suffocate itself in accelerating red tape to such a point that the west seems to be on a permanent course to diminishing wealth and popular unrest. One has to ask if the committee itself is fit for purpose?
Anyway in the subject of endangering porn users by setting them up for identity thieves, blackmailers and scammers, the authors write:
Risks and wider impacts. The Impact Assessment (IA) makes only limited reference to risks and wider impacts of the measure. These include the risk that adults and children may be pushed towards the dark web or related systems to avoid AV, where
they could be exposed to illegal activities and extreme material that they otherwise would never have come into contact with. The IA also recognises numerous other wider impacts, including privacy/fraud concerns linked to inputting ID data into
sites and apps.
Given the potential severity of such risks and wider impacts, the RPC believes that a more thorough consideration of each, and of the potential means to mitigate them, would have been appropriate. The RPC therefore recommends that the Department
ensures that it robustly monitors these risks and wider impacts, post-implementation.