Posted at 16:32 on 8 May 2016 by Pandora / Blake
Response to the Government consultation on Child Safety Online: Age Verification for Pornography
3: Privacy, surveillance and freedom of speech
Freedom of expression is important and must be protected. The UN Special Rapporteur for Freedom of Expression, Frank La Rue, stated last year in his report on the promotion and protection of the right to freedom of opinion and expression that "the right to freedom of expression includes expression of views and opinions that offend, shock or disturb". His report also noted that restrictions on access to information can have a "chilling effect", whereby individuals restrict their own activities in anticipation of being forced to comply, often over-estimating and censoring themselves far more effectively than if it were left to government enforcement. He concluded that restrictions on access to information online must be:
- limited to exceptional circumstances
- governed by law and a clear legal process
- necessary and the least restrictive means required to achieve the aim.
The Open Rights Group has reiterated the importance of these principles; they limit the extent to which governments, businesses or others can limit the free access to information, whether through overzealous efforts to protect citizens, or more abusive attempts to control free access to information.
Freedom of expression and online privacy are rights which the UK has made repeated commitments to uphold. In December 2011, the Foreign Secretary William Hague affirmed the importance of these rights, and the UK Government's commitment to them, citing "the need to respect individual rights of privacy" as one of the core principles for governing behaviour in cyberspace.
To uphold these principles of privacy and freedom of expression, it is essential that age verification controls for online pornography do not require viewers to upload identification, or reveal personal details that risk compromising their privacy. As Jerry Barnett explains at Sex and Censorship:
Age verification providers will know which sites each user is trying to access. […] Evangelists for age verification suggest that this problem could be averted by the creation of an 'anonymising hub'. But potentially, the hub multiplies the privacy issue. Now, there is a central database linking individuals to porn sites. Who would have the right to access, browse and search the database? Would the police ever have reason to request to access it? Would some alliance of hackers steal and publish data, just to prove they could, or use it for blackmail? Once this data is stored in a single place, the privacy implications are astounding.
The UN Special Rapporteur for the right to privacy recently affirmed that anonymity enables individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserves strong protection. Any identity systems connecting visited sites to a verified ID would threaten the fundamental human right to privacy; and any corresponding database would be highly vulnerable to data leaks or misuse.
During the 2015 debate on the Online Safety Bill in the House of Lords, the Earl of Erroll also raised the issue of privacy in relation to discussions over age checking:
For various social reasons, it is felt that it is unfair for people to have to declare their identity publicly if they are looking at adult content which it is perfectly legal to watch, or buying alcohol and so on. For instance, if a Muslim buys alcohol and the mosque gets to know about it because their identity had to be declared and retained publicly, they might suffer greatly. Equally, if a Cabinet Minister happens to view some pornography or adult material, that is perfectly legal but, if certain newspapers were to find out, the Minister’s career would be destroyed overnight. This is the challenge and the difference. We have to remember that this stuff is legal for the over-18s, but there are social pressures and public opinion, which we may or may not agree with, so I think that we have to protect people’s privacy.
Adequate controls to prevent young people from seeing adult content already exist. Internet filters are already operated by mobile phone operators by default, and since 2013 BT have operated a system of "family-friendly" filters bought in from the US company Nominum, that subscribers must actively opt out of. The main public wifi providers have also committed to applying "family-friendly" filters wherever children are likely to be present in the public sphere. There has been widespread criticism of default internet filtering, and there are ongoing campaigns to challenge the tendency of ISP filters towards over-blocking.
The UN Special Rapporteur on the right to freedom of expression criticised default internet filters and web blocking, and found that in the case of child protection online, no additional measures were necessary:
While the protection of children from inappropriate content may constitute a legitimate aim, the availability of software filters that parents and school authorities can use to control access to certain content renders action by the Government such as blocking less necessary, and difficult to justify.
These existing efforts are, in other words, already more than enough; there is no need to add further layers of regulation and control.
Moreover, age verification controls such as those proposed in this policy document are themselves already compulsory for UK pornographic websites, and have been since 2010 - with enforcement provided by ATVOD and Ofcom, and civil sanctions applicable to those who do not conform. There are however numerous problems with existing methods, such as the risk of identity theft and credit card fraud. Rather than extending this policy beyond UK borders, we should seek to moderate it, and curtail the risk it poses to individual privacy.
Overall, the UK already has one of the most comprehensive online censorship systems in the world - more so than any other European country. Far from being a "leader" in devising new forms of online control as the proposal claims, the UK is going where no other nation is willing to follow. Neither the US nor most EU states have felt it necessary to resort to widespread use of internet filters, web blocking, or mandatory age verification on sites hosting explicit content; the UK will be alone in considering such extraordinary lengths to be acceptable.
The nature of the internet is such that adult content is not neatly contained within industry websites that can be controlled by commercial regulations. Explicit material is also shared on millions of blogs, personal sites, forums, online communities and social media. Explicit content is also frequently shared on Snapchat and other direct messaging services. The proposed age verification framework cannot possibly expect to cover all these global web communities, communication tools and systems.
Mandating age verification controls on all sites that are accessible from within the UK, even those operated overseas, is an over-ambitious and unworkable proposition. The expectation that the Government could compel international server hosts to "take down" sites that do not comply with UK regulation is deeply unrealistic. It is likely that many international hosting or billing providers will be unwilling to co-operate with the UK government; at which point the only way to unilaterally impose access controls on sites hosted outside the UK would be the institution of a new UK-wide firewall, blocking any site that did not comply: an idea that was, funnily enough, proposed in the Conservative Party’s election manifesto. Implementing this firewall would massively compromise the digital liberties and freedom of speech of UK citizens.
Currently the only other countries imposing this sort of blanket internet restriction on its citizens are China, Saudi Arabia and Iran. Overall, these proposals form part of an overall push towards increased surveillance and record-keeping of online activities which causes grave concern.
Before considering the 'should' of a new policy, it is necessary to consider the 'how'. Thinking through the proposed process for age verification step by step, the problems immediately become apparent.
Let us envisage an adult who has entered a keyword into a search engine, hoping to find erotic content which is relevant to their interests. The search engine will serve them with a list of links to adult websites. Clicking on any of these links, they will be obliged to enter identifying information before they even enter the site. They may know nothing about who owns the site, how trusted it is, or whether it is relevant to their search; and yet they will be asked for sensitive personal or financial details before they can find out. If they wish to browse multiple sites, they may have to enter and re-enter their information multiple times.
In practice, there are two ways this process might be managed. The first is for each website to handle age verification independently. In this case, sensitive, identifying personal information such as credit card details, passport or driving licence data, or electoral roll information will be entrusted to billions of site owners worldwide. This would make the risk of identity theft and credit card fraud unmanageably high.
The more commonly discussed option is for commercial agencies to provide identity management services to be installed on individual websites, much like credit card payment processing is currently managed. Ownership of sensitive user information would only be visible to the age verification service, which would handle security such that pornographic site owners would not need to ever learn the identity of their users, only that the age verification service had approved them as being over 18. This might perhaps serve as the "anonymising hub" mentioned previously.
The problem is that even if identifying information such as real name or date of birth is withheld from the pornographic site the user is trying to access, the identification service acting as mediator would have access to two sets of sensitive information: both the identification details of the user, and the list of porn sites they had tried to access. The result is a corporate agency collecting a vast amount of sensitive information which then becomes a huge target for abuse, resale or rental to advertising services, data-mining and intentional or unintential leaks.
Another way of outsourcing data security would be to entrust identity management to a web browser; for instance, users could verify their age by uploading ID once only to their Google account, and then use the Chrome browser to view porn, with Google providing verification to each site visited. This model hopefully clarifies the privacy implications of entrusting identity-based age verification to any third party.
It is stigmatising to expect records to be kept about what we do with our genitals, and what we think about while we do it. I know that I personally would not trust any government department or corporation - and certainly not Google or Facebook - with a complete list of my porn browsing history that was verifiably attached to my legal name. I imagine that many individuals in sensitive professions, such as those working with young people, or in Government, would feel the same way. The Earl of Erroll summarised these issues during the 2015 debate on the Online Safety Bill in the House of Lords:
Checking age is quite complex—for various reasons I prefer the word "checking" to "verification". There are lots of ways of doing it but it is difficult to produce something that is workable in the real world. Credit cards are not the answer, and the net neutrality principle coming out of Europe will also cause problems. All sorts of things like that have to be taken into account. Getting it right in the long term for children's safety is much more important than trying to rush through something that looks good. We should remember the saying "Legislate in haste and repent at leisure".
Privacy campaigners are clear on this: credit cards, driving licences, passports and the electoral register are unworkable as an age verification method for online pornography. There is too much stigma attached to porn viewing, too much potential for salacious data leaks, and too much at risk for individuals to come to great personal and professional harm simply because they were looking at legal material online - which all of us are entitled to do. I have heard some proponents of age verification discussing possibilities for an age checking service that did not need to see ID - such as a system that analysed the social media usage of your given web handle, making a guess based on the type of content you posted and the ages of the people in your network. But this idea is full of holes - the most reliable data would be gleaned from Facebook, which has a real name policy where individuals are required to show ID to prove their identity, thereby making it an impossible method for pseudonymous or anonymous age verification - and in any case, such a system has not been developed.
In conclusion, there is no secure, reliable, and independent age verification system which does not risk loss of privacy by sharing personal details, or risk fraud by sharing financial account information. The proposal document itself admits that "This is an ongoing area of work and its outcomes are yet to be determined, but [...] there is considerable interest from the private sector in developing age-verification solutions." This speculation is hardly indicative of a well-tested, mature technology that is ready for use. It is nonsensical to legislate mandating the use of technology that has not yet been developed or tested.
Politicians understand why privacy is important when it suits them. MPs recently voted against an investigation into the Panana Papers; the paperwork surrounding the MP expenses scandal has been destroyed. In November 2015, Home Secretary Theresa May refused to release her internet browsing history in response to a FOI request, saying that the request was "fishing for information without any idea of what might be revealed". For there to be one rule for those in power, and one rule for the rest is the height of injustice. It is wrong to demand that internet users expose sensitive data about their porn viewing activity to government or corporate agencies while ministers claim the right to preserve their own personal privacy.
Perhaps the Co-Chairs of the UK Council for Child Internet Safety, Baroness Shields OBE, Karen Bradley MP, and Edward Timpson MP might lead the way, and publish their own internet browsing histories to show their good faith in drafting these proposals.
Mandating age verification on online pornography might sound like a good idea a first glance, but with currently available technology it is unworkable in practice. The collection of millions of people's personal identification data alongside records of the pornographic sites they have visited has catastropic implications for government surveillance of citizens' private lives, and potential loss of personal privacy. There are many valid social reasons why people might wish to keep their legal activities private, and restricting access to online pornography would increase the amount of social stigma associated with it. Mandatory age verification would have the effect of stigmatising consensual adult sex, fostering ignorance about sex among young people, and increasing its taboo appeal. It is not enough to claim that suitable anonymising technology "might" become available; until such software has been developed and rigorously tested, these proposals should not be being discussed.
The opinions of the UN Rapporteurs has been made clear. These proposals contravene UN policy on privacy, surveillance and freedom of speech, and risk bringing UK law into conflict with the European courts of justice and human rights. In seeking to extend government powers to cover our online activity, these proposals form part of a larger push towards increased surveillance, databases and control that threatens all of us, and must not be accepted.