Good news from the EU

I have just heard the Finnish Presidency of the EU has decided NOT to press for a resolution of the ePrivacy Regulation before end of the year. I think we can say “hurrah!” This means the status quo remains i.e. no objection to continued use of PhotoDNA for known images or other tools with similar technology-based child protection aims in the messaging space. When the processes start again in the New Year, with a new Commission, we will need to dig in and make sure it does not go off the rails again.

In the medium to longer term we also need to address the issue of the evident lack, among privacy  lawyers and privacy professionals, of an understanding of how different parts of the technology space can impact on young people’s health and safety.

Posted in Child abuse images, Default settings, Internet governance, Privacy, Regulation, Self-regulation

The bad news just keeps on coming

Swift on the heels of the New York Times piece the UK’s Daily Telegraph publishes, for the first time, figures provided by the IWF showing how social media and other services operating on the open web  in UK are failing to deal with csam. Twitter the worst offender.

Posted in Child abuse images, Regulation, Self-regulation

Voluntarism just isn’t working. Again.

Another excellent major story  has appeared in The New York Times. It details the failings of high tech businesses to address the scourge of child sex abuse still images and videos on the internet. The failures of voluntarism are again manifest.

If  child safety and security were really embedded in a company’s culture, if it was indeed a top priority, stories like these would simply not be possible. Yet they have been appearing for years.

Truly, when technology companies cannot get this right what confidence does this inspire in their ability to get anything right?

Too many companies appear only to shift when a judge or smart journalists finally nail them. The NYT deserves a medal for giving these journalists, Gabriel Dance and Michael Keller, the space and resources to pursue the story, which they have been doing for a great many months.

The only parallel I can think of in the UK is the  support given by The Guardian for Carol Cadwallader’s reporting on Cambridge Analytica and, earlier, on the work done around the Snowden revelations. Why is British journalism in this state? Because high tech businesses have been winning all the advertising revenues that previously supported solid journalism.   What you might call an unvirtuous circle.

Historically journalists have been an important pillar of democracy but if tech neuters or reduces the capacity of journalism where does that leave us? Who benefits?


Posted in Child abuse images, Facebook, Google, Microsoft, Regulation, Self-regulation

A sad sequel

I have every sympathy for Nicky Morgan MP  who, last night, announced she was standing down from Parliament, essentially because she has had enough of being a politician. The abuse and the toll it was taking on her family life were the principal reasons given. I completely get that. However, only two weeks ago the same Nicky Morgan, as Secretary of State at DCMS,  announced a delay in implementing age verification for commercial pornography web sites.

Children who could have been protected from viewing horrific, abusive images will now be exposed to them for maybe a further year, two years, no one knows, at any rate for longer than need have been the case.

That is entirely down to Nicky Morgan and now she is walking away. Something about that does not feel right. In the forthcoming General Election campaign I look forward to hearing Boris Johnson’s views on children’s exposure to pornography. How will he explain and justify his Government’s decision not to act when everything was ready to go?

Posted in Age verification, Pornography, Regulation, Self-regulation

A letter from the Government

Here is a link to a reply from the Government on the question of age verification for pornography sites. No surprises but, equally, confirmation that age verification  remains as part of the plan.
Posted in Uncategorized

Age verification for porn sites. How we got here.

Online gambling in the UK began to take off in the early 2000s. It sprang out of the rapid growth of the consumer oriented internet. I was soon getting calls from distressed parents whose children, typically 14/15 year old boys, had been diagnosed as “gambling addicts”. Not many calls, but there shouldn’t have been any. 18 was and is the relevant age limit.

These boys had bank accounts with debit cards that could be used to engage in a whole raft of online transactions. The children were being classified as addicts because, among other things, they had developed a compulsion which led them to stealing things from their family and friends, converting the items into cash to put into their bank accounts so they could go online and blow everything on a football game, a horse race or whatever.

To open an account with an online bookie all a person had to do then was tick a box to say they were 18. That was it. No further checks were made. Hence the problem.

I went to see several large and ostensibly respectable gambling companies. Face to face. Most of them said the same thing. They were aware of the problem of under-age gambling on their web sites and took it “very seriously” but actually the majority  were not prepared to do anything about it. In essence they were worried if they did age verification on a voluntary basis their less fastidious competitors would draw away some of their customers who just preferred to avoid the hassle. Deadlock.

A change in the law changed everything

Long story short, when the Government initiated a review of gambling in 2003, the children’s groups lobbied to make age verification mandatory for online gambling even though, at that time, there was really no such thing as an “age verification industry”.

Appropriate clauses were inserted into the Bill as it progressed through Parliament. The Gambling Act 2005 became law with all-Party support. Then capitalism worked its magic. Businesses sprang up to do age verification or existing systems were adapted to make age verification easier. Since the new law came into effect I have not heard of a single case where a child was able to do what they did before, namely tick a box to claim they were over 18 then go on to gamble.

A couple of wrinkles have emerged. The Gambling Commission is addressing these and new forms of online behaviour have developed e.g. loot boxes in games, which have not yet been recognised as gambling. They will be.  Online businesses selling alcohol, tobacco, knives and other age restricted products which take 18 as their baseline have been following suit. Ripples in the pond and all that.

But porn?

What happened with online gambling provided the inspiration to press on to address online pornography. It gave birth to what became, in effect, a twelve year long campaign to get online pornography sites to do the same as gambling sites, and for the same reason. To protect children.

Once again we received significant support from all of the main political parties, particularly from a group of prominent women Parliamentarians in both Houses.

Following its inclusion in the Tory Manifesto and the subsequent passage of the Digital Economy Act 2017, all thenecessary regulations were drafted, consulted upon and approved. We started getting the bunting ready as D-Day approached. Then 16th October  2019 happened.

Bad but not fatal

I think the UK Government made a bad decision when they announced they were not going to approve the final set of regulations. These were the ones which would press the button to make the policy operational more or less immediately. The infrastructure was ready and in place. Everything was ready and in place. The civil servants and the designated Regulator (the BBFC) had spent millions getting there, ditto the porn companies and the age verification businesses.

Political decision

The decision to call a halt was a political one taken at the highest level. That it was announced on a day which pretty much guaranteed it would struggle to get coverage in the media is evidence people in those high places were aware they were doing something dodgy. Brexit madness provided and continues to provide cover.

We have a  new Government

Coming out of nowhere, as it did, we still have to ask the obvious question. Why? For one thing, although the current Government is, as it was before, a Conservative one, it is nevertheless a new  Administration.

Theresa May has gone. Boris Johnson is the new kid on the block and when he became Prime Minister he appointed a load of new Ministers. One of these is Matt Warman MP, the DCMS Minister for Digital and Broadband. In an earlier life,  Warman was Technology Editor of the Daily Telegraph. He came to his new job with opinions and knowledge. One of the great things about being a Minister is you can set an agenda.

One cannot rule out the possibility of political influences from elsewhere e.g. No. 10, but my hunch would be that Matt Warman was lobbied by his erstwhile friends in the tech space and their close allies in the free speech and civil liberties communities. Either way he took up the cudgels, convinced his Secretary of State and the rest we know. Were all the senior civil servants happy with this? Did they have a hand in the volte face? We may have to wait 30 years for the memoirs to appear before we know the real answer to that.

On ice not frozen out

Even so, as I made clear in my earlier blog the Government has emphatically not said they are abandoning age verification for porn sites but Ministers are saying the later publication of the Online Harms White Paper, with its emphasis on the creating an overarching duty of care, does change the wider environment. On that they are definitely right. Not sufficiently to justify delaying the commencement but there you go.

Aside from needing to align with the duty of care, with the stated aim of making the UK’s approach to online child protection even stronger, what else might  have been behind the Government’s decision? I think there were two main issues, both of which we had spotted and raised very early on in the legislative process, and two others which have arisen since.

If you plan to try to get age verification going in your country, take all this on board now so you minimise the risk of hitting similar buffers.


Consuming porn on the internet is not the same as ordering alcohol, buying cigarettes or knives or placing a bet on a horse and it is no good trying to pretend otherwise. Hypocrisy is the tribute that vice pays to virtue – in this case literally.

However, even though the privacy lobby had shown scant concern for porn consumers’ privacy rights before this measure came along, when the world’s largest producer of porn announced they were going to create an age verification solution and become an age verification provider, opponents of the policy were handed a major publicity gift. These opponents seized it and invented a series of wholly bogus or hugely exaggerated fears.

Nevertheless, because the privacy code of practice that is linked to the age verification policy was made voluntary, rather than compulsory, it did create tensions. Even people sympathetic to introducing age verification were not wholly unsympathetic towards.

If I had to pick a single aspect which is most likely to have motivated Warman to do what he did, it would be this.

Tip:  if you are addressing porn in your country do not think of privacy as “someone else’s problem or a different and unrelated issue”. Make it part of the deal from Day 1.

It may seem weird  for child protection people to worry about the privacy of porn consumers but if you don’t take care of it be prepared for it to come back to bite you. The objective here is to change the law to protect children from porn. It is not to persuade adults not to consume it or to frighten them with the risk of exposure (so to speak).

Social  media

This was the second major issue.

As the Bill was going through Parliament the Government refused to countenance expressly including social media sites within the ambit of the Bill because the social media companies  are not principally in the business of publishing porn. The assumption was social media companies would find a way to fall into line if only to avoid giving the Government a reason to come back at them.

At the time it felt that by going for age verification for porn sites the Government was being dramatic, bold, complicated and revolutionary. Drawing social media into the frame was a step too far. In other words the last Government “bottled” it. The new Government seems unwilling to do the same and wants to sort it out now. Hey ho again.

In a minor key

Other factors? Voices were raised to argue the BBFC was the wrong organization to be the Regulator. In part the BBFC seemed to me and others to be the obvious choice because of its expertise and experience in online content classification and because the only plausible alternative, OFCOM, repeatedly said they wanted nothing to do with it. Cynics suggested this was because OFCOM thought the policy was doomed to fail.

Could it be OFCOM changed their mind and went in to bat to pull it back?

Then there is the EU’s approaching AVMSD. Brexit or no Brexit this complicates things. The suggestion is civil servants in the age verification bit of the DCMS had missed it.  When their bosses realised this they also had a reason to bring everything to a full stop and wind back.

Politics is murky at the best of times and these are not the best of times.

Until the dust has settled on Brexit and the imminence or otherwise of a General Election is clearer it is hard to know how best to respond to the current situation. Should we mount a campaign to get the Government to change their mind or should we take them at their word and go with the grain?

I am certain age verification for porn sites is on its way in the UK but it could be that the UK will now not be the first liberal democracy to introduce it.

Watch this space.

Posted in Age verification, E-commerce, Regulation, Self-regulation

Journalism and wishful thinking

Today there is much concern about the accuracy of words appearing on the internet. That being the case is it unreasonable to hope journalists make clear when they are offering an opinion about, or an interpretation of, events? If that is too much to expect could they not state what the facts are meant to be before going on to rubbish or rewrite them?

I mention this in the context of what happened last week when most (not all) media outlets reported the UK Government had “dropped” plans to use age verification as a mechanism for keeping children away from commercial pornography sites.

Almost all (“almost” being the key word) media outlets went with that line. There was absolutely zero basis for it when judged solely by what the Government actually said.

Journalists hunt in packs

Journalists often hunt in packs and are under severe time pressures to produce copy so while it may be annoying, or worse,  you know the rules of the game and can take counter measures. However, when an academic who invokes the magnificence of Emmanuel College Cambridge starts repeating opinions and interpretations gleaned from the ephemera of Fleet Street and rebirths them as “fact” you have to pause for thought.

Which brings me to the article in yesterday’s  Observer by Amy Orben.

Orben opened by asserting the Government’s plan to introduce age verification to restrict children’s access to online pornography was not only “dead” but had been for “months, if not years”.  As someone who had been involved with this initiative from Day 1 that came as a revelation.

There was nothing in the Government’s statement of 16th October which supported Orben’s view. On the  contrary the Secretary of State was clear that, in the Government’s new and expanded vision for policy in this area, she “expects age verification to continue to play a key role in protecting children online.”

On 17th October, in response to an Urgent Question tabled by Margot James MP,  in the House of Commons the  Parliamentary Under Secretary at DCMS faced a barrage of hostile questioning  from more than a dozen MPs. At no point did he swerve or even hint at a swerve on the matter of age verification for dealing with online pornography. He said he wanted to locate it within a broader range of measures but that is not the language of abandonment or dilution.

So whatever Orben was expressing in the article in The Observer it had no factual basis.  Moreover I am not the only person who appears to have read the Government’s announcement differently from her.

In a typically alarmist and exaggerated way on 16th October on the ITV web site Myles Jackman of the Open Rights Group is quoted as follows

“Superficially (the Government’s announcement) may seem like a victory for privacy and security, but the lacuna….. that they would be considering extending age verification to social media platforms like Twitter and Reddit without considering the risks to intimate personal sexual information being leaked onto the internet is frightening.” (emphasis added).

I rest my case.




Posted in Age verification, Default settings, E-commerce, Pornography, Regulation, Self-regulation | 1 Comment