Posted at 17:00 on 14 Dec 2018
by Pandora / Blake
Information security expert Alec Muffett has posted an essay analysing the data security proposals of the BBFC with regards to Age Verification - including some damning commentary on the fact that all parties responsible for implementing AV are blithely ignoring the legal sensitivity of the data involved under the Data Protection Act:
The UK Government has passed the Data Protection Act (DPA) which guarantees sensitive “…processing of data concerning an individual’s sex life or sexual orientation” — §86.7e — and yet apparently nobody wishes to consider that if a person regularly age-verifies in order to access “ireallylikegayporn.com”, the resulting metadata trail will clearly constitute “data concerning [their] sex life or sexual orientation”.
He explains why the April 2019 deadline for enforcement is so rushed as to preclude any sensible security consultation, and gives a good analysis of the deficiencies of the proposed data security mechanisms for AV with reference to the benchmark provided by credit card security standards.
Keep reading »