Under the Government’s Digital Economy Act, from April 2018 UK web users will have to register their details to access pornography via an age verification tool. The AgeID tool has been developed by MindGeek which runs sites such as PornHub, YouPorn and RedTube. The tool has been in use in Germany since 2015. The tool would only be effective for those who go directly to porn sites rather than use search engines or follow social media hashtags which contain pornographic content.

AgeID uses multiple verification methods such as credit cards, mobile numbers, passport and driving licence numbers and would also use ‘third-party age-verification companies’ to authenticate those signing in. However, it isn’t clear that collecting such data is compliant with the law, more so with the upcoming General Data Protection Regulation (GDPR) legalisation due to take effect at the end of May this year. MindGeek has added that it will not store any data itself. Neither the government or the appointed regulator, the British Board of Film Classification (BBFC) has been able to provide details about how it will work.

The measures are being introduced to protect children from accidentally stumbling across pornographic content, although many ISPs offer an adult filtering service. For the more tech savvy users who want to access pornographic material they would just switch to using virtual private networks (VPNs) which mask the geographical location of the device accessing the internet by using encrypted connections. It would seem that your device is accessing the internet from another country, such as the Netherlands. So we have on the one hand, the Government wanting to water down encryption to combat extremism but on the other introducing measures such as this. These measures would force users who don’t want to sign up to access pornographic content, to utilise other encrypted means or accessing the dark web using the anonymous web browser, Tor. It seems counter efforts on one side against another. Furthermore, for casual web users who consume pornographic content, many of them would just bounce off the websites when confronted with the AgeID sign-up form and go to view smaller, lesser known websites that could be riddled with malware, key-loggers and spyware, potentially exposing sensitive information that could be used in fraudulent activities.

Then comes of the question of who is storing the data of all the users that have signed up via AgeID. MindGeek said it won’t store any data so will the government? In any case, such a database of users who consume pornographic content would be a ‘treasure trove of private information’ according to Myles Jackman, the legal director of the Open Rights Group. A juicy target for hackers to potentially blackmail the users who have signed up. This is similar to the Ashley Madison scandal in July 2015 where user information was stolen and the hackers threatened to release that information if the Ashley Madison website was not immediately shut down.

If the government is storing this information and it gets breached, would the EU enforce fines under GDPR legalisation and would British citizens ever trust the government again with their data? Perhaps not. Many critics believe the whole strategy is ill-thought through and puts us firmly on the road to censorship of the internet.

The Open Rights Group fear that such a breach is ‘inevitable’.

Sources

BBC News – Porn check critics fear data breach
Wired – Tuesday briefing: Data breach “inevitable” under new UK porn registration laws, Open Rights Group