Digital rights advocacy group Open Rights Group is accusing the government of negligence over privacy concerns in the age verification laws.
Last May, the UK government passed the so-called Digital Economy Act. The act was passed during a wash-up just prior to the election. Among the controversial provisions were 10-year prison sentences for file-sharers and age verification laws.
In December, it was announced that the BBFC (British Board of Film Classification) would manage the controversial Internet age verification laws. This sparked fears that these provisions would be implemented soon. After many questions surrounding the laws, the British government revealed that the laws would be delayed until “before the end of the year”. It was a mild reprieve, but a reprieve nevertheless.
The age verification laws would mandate websites that deal with explicit material to implement government-mandated software that would verify the ages of their users. As such, these websites would hold on to massive databases containing personal information about their users. Should a website that deals with explicit material not implement the British government's mandated software, it would be blocked at the ISP level.
A lot about that is controversial. One aspect is that because these websites would hold on to such information, that would make them targets for hackers who would want to unearth embarrassing information about people like politicians.
Indeed, over the last several months, we’ve observed time and time again that database leaks and breaches occur with scary regularity. In the last month alone, we’ve observed many breaches and leaks. April began with the Saks and Lord & Taylor breach where 5 million credit cards were compromised. This was followed up shortly after with the Panera Bread data leak which may have compromised the personal information of about 37 million people. After that, there was the Sears and Delta data breach. Information later came to light that that particular data breach also impacted Best Buy and Kmart, though it is unclear how many were impacted by it. The month ended with a bang with the VNG data breach where 163 million accounts were compromised.
Now, it seems that digital rights organization Open Rights Group (ORG) is calling out the government, blasting them for negligence. From the organization:
We asked the BBFC to tell government that the legislation is not fit for purpose, and that they should halt the scheme until privacy regulation is in place. We pointed out that card payments and email services are both subject to stronger privacy protections than Age Verification.
The government’s case for non-action is that the Information Commissioner and data protection fines for data breaches are enough to deal with the risk. This is wrong: firstly because fines cannot address the harm created by the leaking of people’s sexual habits. Secondly, it is wrong because data breaches are only one aspect of the risks involved.
We outlined over twenty risks from Age Verification technologies. We pointed out that Age Verification contains a set of overlapping problems. You can read our list below. We may have missed some: if so, do let us know.
The government has to act. It has legislated this requirement without properly evaluating the privacy impacts. If and when it goes wrong, the blame will lie squarely at the government’s door.
The group went on to list 22 concerns they have for people’s privacy on the matter.
The posting is a follow-up to last month's submission in the consultation process to implement the age verification laws. At the time, the organization pushed hard against the proposal and noted several other supporting submissions in the process:
On the 23rd April 2018, the British Board of Film Classification (BBFC) closed their consultation on their age verification guidelines for online pornography. The consultation called for the public’s views on the guidance that the BBFC plan to issue to the providers of age verification tools.
Under the Digital Economy Act, websites will soon have to ensure that all UK users are above the age of 18 before allowing them to view pornographic content. As the age verification regulator, it is the BBFC’s job to dictate how these age verification systems should work.
Open Rights Group submitted a response and highlighted a number of issues with the proposed age verification system. Today we are publishing our full 22-page consultation response, which you can find linked in this blog post. We are also grateful to all the members and supporters who used our online tool to submit their own responses to the BBFC. We counted over 500!
If anything, a lot of our observations corroborate the notion that what is being implemented is a privacy bomb waiting to explode. With so many leaks and breaches already happening, it seems almost nonsensical that the best move is to put more personal information in databases being held privately. If companies can’t be trusted with credit cards and e-mail addresses, how can they be trusted with people’s personal information being associated with pornographic websites?
One thing is for sure: even with the law being passed, digital rights advocates are not giving up the fight for personal privacy.