Want to read more? Join my Patreon community

Age verification faces ongoing delay

Posted at 10:30 on 22 Jun 2019 by Pandora / Blake

Tags: age verification, AgeID, BBFC, DCMS, Digital Economy Act, Dreams of Spanking, in the news, law, legislation, MindGeek, Myles Jackman, Open Rights Group, porn, privacy

According to the Guardian, age verification "faces indefinite delay" due to bureaucratic incompetence:

"It is set to be delayed for legal reasons after government officials failed to notify the European commission of key details."

I shouldn't laugh, but this is comedy gold.

The massive privacy failings of this policy should have been a deal-breaker. Legislators should never have tried to regulate the internet by force of law when they don't understand how it works. Thanks to the tireless efforts of campaigners such as myself, Myles Jackman, Jim Killock, Alec Muffett and the rest of Open Rights Group, Backlash UK, Misha Mayfair and others, the threat that age verification represents to the privacy of internet users is well attested, and is now mentioned in any news coverage about the issue.

That alone is a win: it sets the tone of the conversation. That privacy threat should have been enough to persuade the Government to axe the policy. But even if it's sheer incompetence that will see it fail in the long run, the years we've spent emphasising the privacy threats will have been worth it. Centering the narrative that this policy was controversial, flawed and enormously risky makes it clear that if this policy fails, it's good riddance to bad rubbish.

The Secretary of State for Digital, Culture, Media and Sport, Jeremy Wright, made an apology for his Department's administrative error in Parliament this morning, and fielded questions about the delay. Here's what happened:

"In autumn last year, we laid three instruments before the House for approval. One of them—the guidance on age verification arrangements—sets out standards that companies need to comply with. That should have been notified to the European Commission, in line with the technical standards and regulations directive, and it was not. Upon learning of that administrative oversight, I instructed my Department to notify this guidance to the EU and re-lay the guidance in Parliament as soon as possible. However, I expect that that will result in a delay in the region of six months."

He later fleshed out the "six months" timescale in more detail:

"We need to go back to the European Commission, and the rules under the relevant directive say that there must be a three-month standstill period after we have properly notified the regulations to the Commission. If it wishes to look into this in more detail—I hope that it will not—there could be a further month of standstill before we can take matters further, so that is four months. We will then need to re-lay the regulations before the House. As she knows, under the negative procedure, which is what these will be subject to, there is a period during which they can be prayed against, which accounts for roughly another 40 days. If we add all that together, we come to roughly six months."

This policy was doomed from the start. It's gone through three culture secretaries now, and each one must have despaired at the mess he was inheriting. I can only imagine Jeremy Wright's dismay to discover that not only is the policy potentially unworkable, but that there's a legacy of administrative fuck-ups making his job even harder. Perhaps if the hot potato gets passed from hand to hand enough, someone will eventually drop it. We can only hope!

At the very least, this 6 month delay creates an additional opportunity to renew calls for mandatory privacy protections, and not a voluntary "certificate" which the BBFC are completely unable to enforce. MPs raised the privacy flaws of the policy again in today's debate: if we keep up the pressure and continue making our representatives aware of the issues, perhaps we will see a better-informed debate when the regulations are re-laid before Parliament in six months time.

Also hilarious (to me) is the impact these further delays will have on age verification companies, who have invested loads of money into building software solutions to turn the Government's shitty vision into shareholder-owned gold. Perhaps if they hadn't leapt to turn a profit by poorly implementing a policy that represented unavoidable privacy and free expression risks, they wouldn't be facing the risk of a massive loss now.

I have to admit, I'm rather relieved that I haven't wasted loads of time and effort setting up age verification on Dreams of Spanking. I wanted to wait, firstly until the BBFC had launched their privacy certification scheme so I could ensure that any age verification provider I used was fully compliant with it... and secondly until the BBFC actually prompted me to set up age verification. They are likely to have their hands full with the big sites once enforcement begins, and given the inevitable impact age verification will have on my viewers (and my sales!), I have no desire to voluntarily implement it any sooner than absolutely necessary. Now it looks like if I wait long enough, I might not have to...

Will MindGeek launch AgeID anyway?

Security expert Alec Muffett has raised one interesting question. Since MindGeek already has the software in place to implement age verification, and claim to care about "protecting children", surely they should roll it out now - even if the law doesn't require them to? After all, they've been supporting this policy since the beginning, as evidenced by this email from their Director of Digital to DCMS in 2017:

(I particularly love the smiley.)

Since this policy was first mooted, MindGeek have expressed their full support for making a potload of money off harvesting people's data - ahem, sorry, I mean "protecting children".

So come on, MindGeek: why not go ahead with implementing age verification now anyway? Unless there's some reason why that would be a terrible idea...? Heaven forbid.

DNS encryption makes enforcement unworkable

This bureaucratic delay comes on the heels of revelations that Mozilla Firefox is shortly introducing DNS encryption. Somewhat like TOR browser or a VPN, this will prevent nosy officials from seeing what domain names we are visiting - and, as a ticklingly enjoyable side effect, also prevent ISPs from blocking websites that don't comply with age verification. Given this is the main sanction threatened by the Government to make the big overseas sites comply with their policy, it goes to show just how unworkable the whole idea of regulating the internet via national legislation is in the first place.

Mozilla Firefox is thought to be pushing ahead with the roll out “DNS encryption”, despite government "concerns" they and ISPs will be unable to see what website we are looking at and block them.

Speaking at the Internet Service Providers Association's Annual Conference last week, Mark Hoe, from the government’s National Cyber Security Centre (NCSC), said they would not be "able to block" websites that violate the porn block and enforce the new law.

MPs are well aware of this hitch to their plans. As MP Cat Smith said to Jeremy Wright this morning:

"The ultimate sanction under the age verification regime was the power to block rogue sites, with internet service providers compelled to comply, but new encrypted browser software is about to undermine this system fundamentally. The encryption will mean that ISPs are blind to the sites that users visit on the internet, and they will be unable to block rogue sites that compromise the safety of children. That system—DNS over HTTPS—undermines not only the age verification system, but the entire foundations of the regulation laid out by the Government in the online harms White Paper. Does the Secretary of State agree that online companies are outsmarting the Government, and that we urgently need to know how the Government plan to catch up?"

In the famous words of Internet pioneer John Gilmore, "The Net interprets censorship as damage and routes around it." I'd wish the Government good luck making age verification work - they'll need it. But frankly, the whole policy deserves to go down in flames. As I advised in my recent interview for Radio Ava: porn site owners and sex workers, I wouldn't bother scrambling to comply. The whole age verification programme is doomed, and even if it isn't, if might be years before BBFC have the resources to notice you exist.

Lie low, breathe quietly, and it might all blow over before we have to do anything about it.

This article was originally posted on my Patreon. Posts like this (and the campaigning that lead to them) are made possible by my amazing Patrons. Join them, get cool rewards and help me make more positive change happen!


Hi Pandora,

Important stuff and a ray of hope. I've seen a few people reference the impending DNS encryption in firefox but it seems that as of version 60 or 62, so at least 9 months ago, they seem to have done it. By default it is turned off, and when it is turned on by default it uses cloudflare, which people might have their own concerns about but ultimately you have to trust someone.

It isn't in the security settings as anyone might expect, it's in Preferences > General > Network Settings and the option is called "Enable DNS over HTTPS" with the mozilla/cloudflare collaboration as the default DNS provider which it will use instead of the one run by your Internet Service Provider (who in the UK are required to log).

It might be slightly overstating the case to compare it to a VPN or TOR, it protects the domain name you are visiting but not the IP. Letsencrypt sounds like a good way for small sites to impliment HTTPS.

I am not an expert on any of this.

Recently in the media was made mention of the driving licence or passport which could be scanned and sent to a site provider to pass verification tests.

Easy for anyone to 'borrow' one from a parent and submit it is it not? Plus the data value of these instruments to a fraudster or criminal is immense. What if a disgruntled employee of a verification provider steals data including these items? It further adds to the possibility of blackmail being effective, if data is stolen and sold about people's private interests and with a means of identifying the person too.

Also now starting to be mentioned in relation to this bill is the sites that may contain adult material, like Amazon, how will this work if you only want to go and buy some biros, will you need to prove you are 18 or over just to go on there? Or because the majority of their products on their site are non-adult related, are they exempt from having to verify age?

As you mentioned previously, if a site that contains a third or less of adult material is exempt, what quantifies this? If you provided two thirds erotic literature and one third adult visual pornographic materials, then presumably you are exempt?

And does erotic literature have a level where it is judged to be 'erotic' rather than 'pornographic'?

How will this law apply to sites hosted in other nation countries?

Another factor is, if we are leaving the EU in the next few months then consulting the EU about this bill is irrelevant.

Back in the old days, people at school would swap magazines they'd managed to obtain, these days material is exchanged peer to peer on phones or cards, that is going to be very difficult to prevent.

This is a puritan sledgehammer to crack a nut that really is not going to work. Prohibition never worked, it just made criminals rich. Many things are prohibited to possess such as narcotics, but they are a flourishing industry. That is a far more dangerous situation that requires fixing.

When you use a sledgehammer to crack a nut, it isn't just overkill, it renders the nut inedible.

Pretty much since it started anyone on the internet has only ever been a few clicks from pornography. This is normalising.

A number of laws have been declared unenforceable becuase juries don't back them. It's a major shift in social attitudes that's happened along side the rise in popularity of the internet.

A law that changes the norm has the potential to change the way pornography is enforced long term.

Indeed, a problem is that those this new law is aimed at protecting, often don't see anything wrong in sending video or images peer to peer, or they think that existing laws regarding this seemingly do not apply to them.

It seems no one making this law has thought that these people might get hold of their parents material and distribute it among their peers? This new law won't protect against that.

If those under 18 can't get to the material on-line, they will obtain it through file sharing which is already widely reported and the viewing and possession will continue.


I am very interested in this topic and I'm glad that I found this blog. I love how everyone is sharing their insights about this topic.

Add your comment:

Post as:

(or log in to post with your own username)



Want to read more? Join my Patreon community
Become a Patron!

Find Pandora online

Feminist porn

Spanking porn

Spanking blogs

Sex and Politics blogs

Toplists & directories