Security Concerns Persist With UK Age Verification Mandate Drew Wilson | March 7, 2018 The age verification mandate in the Digital Economy Bill is still drawing fire from digital rights advocates in the UK. We’ve been monitoring the situation surrounding the Digital Economy Bill here on Freezenet. The legislation was passed last year. Among the concerns were the issues surrounding age verification. In December, it was announced that the BBFC would manage the system. Among the chief concerns about age verification is the fact that all websites would be mandated to carry the technology should they be found to deal in explicit content. If they do not conform to the age verification system, then those websites would risk being blocked by British ISPs. Such systems involve private companies tracking information about their users and storing that information themselves. Now, if you have been following news here on Freezenet, you’ll likely recall all the news stories surrounding data breaches. Yesterday, we reported on the ever-expanding Equifax data breach. Last month, we reported on the 685,000 accounts compromised in the HardwareZone data breach. Fedex saw 119,000 accounts exposed in a data leak. Then there was the even larger Swisscom data breach where 800,000 accounts were compromised. February, for us, was a relatively quiet month because January was an absolute train wreck for data breaches. So, it likely runs contrary to reasoning that we should have more personal information online, but that is exactly what the age verification laws would require. It seems we aren’t the only ones to draw comparisons to the policy and the seemingly endless supply of data leak or breach examples. The Open Rights Group recently spoke to the BBC about this very issue. From the report: Myles Jackman, legal director of the Open Rights Group, said while MindGeek had said it would not hold or store data, it was not clear who would – and by signing in people would be revealing their sexual preferences. “If the age verification process continues in its current fashion, it’s a once-in-a-lifetime treasure trove of private information,” he said. “If it gets hacked, can British citizens ever trust the government again with their data? “The big issues here are privacy and security.” Mr Jackman said it would drive more people to use virtual private networks (VPNs) – which mask a device’s geographical location to circumvent local restrictions – or the anonymous web browser Tor. “It is brutally ironic that when the government is trying to break all encryption in order to combat extremism, it is now forcing people to turn towards the dark web,” he said. The behaviour Jackman discusses where people would be driven to VPNs is not simply a hypothetical scenario. In fact, we are seeing this very behaviour happening right now in the US with the rollback of network neutrality rules. Last week, we reported on how one VPN service is benefiting from the rollback of network neutrality rules. With fears of blocking of websites, Americans find themselves turning to VPN solutions. This means big business for VPN providers. The VPN provider featured in the report said that with the repeal of network neutrality happening, American’s have become their biggest customers. That, of course, breaks the pattern where the biggest customers often come from overseas where the Internet is generally considered more restrictive. With data breaches not being a matter of if, but when potentially driving people to VPN services, this puts VPNs on a collision course with ISPs and the law. As this plan moves ahead, the questions are going to eventually switch to how VPNs are treated. That, of course, is going to be a rather messy debate because businesses frequently use VPN services for their business needs online. An outright ban is going to put the government at odds with business. In addition, at the consumer level, you have the risk of a potential encryption arms race where ISPs fight to control the packets through their infrastructure and VPN services battling to keep their clients information private. Ultimately, it is a debate that will get ugly quickly. The age verification rules are set to go live next month. Drew Wilson on Twitter: @icecube85 and Google+.