More progress

About 10.00.p.m. last night the Digital Economy Bill completed its passage through the House of Commons. The key clauses on age verification had initially been tabled by Claire Perry MP with signatures from Members of Parliament from seven different political parties. The great news, previously relayed through my blogs, was that the Government, in essence, adopted Claire Perry’s amendments and made them their own. They went through without demur.

It is clear there are legitimate concerns around the privacy dimensions of how the policy will work in practice but as to the main idea – of using age verification to restrict access to commercial  pornographic web sites – no one expressed any opposition at all.

The Bill now goes to our second Chamber, the House of Lords, where it is likely to occupy their Lordships until mid-February-ish. No doubt there will also be a “run-in” period, as there was when age verification for online gambling was introduced, so it could be yet a while before the new regime finally kicks in.

Almost certainly in the Lords there will be probing around some of the privacy angles but the chances 0f any of  the key parts of the Bill affecting children  being materially altered are extremely close to zero. This was a Manifesto pledge and the elected House has spoken.

Well done Claire Perry and well done the Government and all the political parties that helped get this measure through.

The internet is meant to be all about innovation. This is certainly a major innovative initiative and I am very pleased the UK is taking it. The eyes of the democratic world will be upon us and when we have demonstrated that the approach works, you can be sure many other countries will follow suit.

As I have said before – the internet is a family medium, a children’s medium, just as much as it is anything else, and its rules of the road will have to reflect that. Goodbye Wild West. Hello civilization.

Posted in Default settings, E-commerce, Internet governance, Pornography, Regulation, Self-regulation

Community values trump dead Utopian vision

The debate taking place in the UK about the introduction of age verification for pornography sites is, so to speak, exposing a number of very strange arguments. Some are advanced by people such as the Open Rights Group (ORG) who are flailing around looking for any and every reason to be against the government’s proposals.

Entering into the spirit of the “post-truth age” which we all now seem to be living in, neither is the ORG averse to rearranging or distorting the facts. For example, in their opening salvos they spoke about the government planning to ban “erotica”. Untrue.  That word does not  appear anywhere in the Digital Economy Bill.  Moreover the BBFC is the body that will have the responsibility for implementing the legislation, and they know where to draw the line between erotica and pornography even if the ORG doesn’t.

We were told every type of pornography site is being hit. Incorrect. Only commercial sites operating on a significant scale will be subject to the legislation. Anyone who read the draft legislation would have seen that. The words are clear. So either ORG didn’t read the Bill or they did and chose to misrepresent the position.

Then in an interview in The Guardian we were informed that if Parliament passes the Bill with the age verification clauses in it we will be putting ourselves alongside Turkey and Saudi Arabia. Excuse me? In Saudi Arabia the intention is to deny access to pornography to everyone. That is not the case here. All the UK is trying to do is restrict access by children, in accordance with our existing laws.  Trying to establish guilt by  the smear of association is a desperate tactic at the best of times but when it is also based on a fiction it just seems, well, pathetic.

However, if only by accident the ORG has hit on a couple of points where I think they are on to something. One I agree with, the other I most decidedly do not. Let’s go with the latter first.

There are four types of pornographic material circulating on the internet. One is straightforwardly and indisputably illegal: child abuse images, and we already have a good way of dealing with them.   They are not at issue here.The second  is material which can be viewed in public cinemas or bought over the internet. It has been classified as 18 by the BBFC. Sites displaying this type of material will be caught by the new law. That’s logical.

Next is material which has been rated R18. Under our current law this should only be sold on the premises of licenced sex shops to persons over the age of 18. Yet it is always available online on commercial pornography sites. It shouldn’t be but given the practical difficulties – the very reasons why the Bill has been brought forward  – there have never been any prosecutions. It is a law honoured in the breach more than in the observance.

In the case of R 18 the UK government, in effect, is proposing to liberalise the law because in future such material will be lawfully available online on sites which have age verification. I’m ok with that.

Finally we have material which is so extreme or disgusting that the BBFC refuses it any kind of classification. I am not going to go into detail on a family show but if you want to know more you could do worse than look here. Yet this material is also viewable on porn sites currently easily accessible by children. That is wrong. It will have to go if the sites want to stay legal within the framework of the coming age verification regime.

Nobody is suggesting it is necessarily illegal for individuals to perform any of the acts listed but the question here is this: should images of such things be available and viewable on a medium where, worldwide, 1 in 3 of every user is a child,  rising to 1 in 2 in parts of the developing world? I don’t think so. By the way in the UK and within the EU the proportion is around 1 in 5.

I know the internet utopians hate to hear this but the internet today is a family medium or a family service as much as it is anything else and the rules of the road are going to have to reflect that.  John Perry Barlow’s vision hasn’t worked. That shimmering image has evaporated. Get over it and don’t blame child protection advocates.

The argument is about the supremacy of community values  over techno-determinism. The UK should be able to have the internet it wants for its children. I believe that up to now the UK has been failing in its legal  obligations to protect children by not having an age verification law of the kind being proposed. But, hey….that will soon be behind us so let’s not dwell on it.

Where do I align with ORG and its friends?

The core of my argument is around protecting children from age inappropriate material. On questions of privacy I think any and all solutions which are to be deployed to carry out age verification should be privacy friendly, privacy compliant and scam-proof. Although I am a member of the BBFC’s children’s viewing advisory panel  I am not privvy to their plans or thinking on this aspect but I would very much like to see some sort of arrangement  emerge which involves the Office of the Information Commissioner being given a role in deciding which age verification solutions are acceptable and which are not. I have grave reservations about simply using credit cards.

Posted in Age verification, Child abuse images, Default settings, E-commerce, Internet governance, Pornography, Privacy, Regulation, Self-regulation, Uncategorized

The finishing line is in sight!

The Digital Economy Bill is nearing the end of its passage through the House of Commons. When the Bill becomes law the UK will have an Age Verification Regulator (AVR). It will be the British Board of Film Classification , a trusted, respected, independent organization, over 100 years old, and well versed in making decisions about how to describe or classify different types of content in the interests of protecting children.

The AVR will be able to require commercial pornography publishers to introduce age verification so as to ensure persons under the age of 18 will not normally be able to view their wares. Among other things this will catch the so-called “free” sites which, in reality, are highly commercial. Failure to comply  with the age verification rules could attract a fine of £250,000 or 5% of the business’s turnover, whichever is the greater. Suppliers of ancillary services e.g. payments providers and advertisers are expected to cut off persistently non-compliant sites.

However, since all of the main sites are based overseas what if they just ignored the fine and found other ways of collecting revenues?

Last night the UK Government announced it will table an amendment to the Digital Economy Bill giving the AVR the power to mandate ISPs and other access providers to block persistently non-compliant commercial pornography sites. This mirrors what we do already with copyright infringing sites as well as sites containing child abuse images and terrorist materials.

In making this announcement the Government can be heartily congratulated on fulfilling its 2015 Manifesto pledge.

The misinformation and hysteria of the measure’s opponents has plumbed new depths of irresponsibility.  For example, anyone who bothered to read the Bill will see no sex education web site will be closed down or blocked as a result of this measure. Neither will small or amateur, non-commercial sites be affected. When everything has calmed down and we have had a chance to see that nobody’s free speech rights have been curtailed maybe we can revisit the issue.

In reality all the Government is doing is legislating to make it possible to enforce what is already the law of England. Here is an extract from the Crown Prosection Service web site. It contains advice issued following the decision in the Court of Criminal Appeals in R v Perrin.

where children are likely to access material of a degree of sexual explicitness equivalent to what is available to those aged 18 and above in a licensed sex shop, that material may be considered to be obscene and subject to prosecution. This applies to material which is not behind a suitable payment barrier or other accepted means of age verification, for example, material on the front page of pornography websites….. EWCA Crim 747 [2002].

The problem has been because the overwhelming majority of pornography sites are based overseas there was no practical way in which our law could be made to stick. Since Perrin there have been zero prosecutions of overseas pornography web sites for failure to comply with age related rules. The Digital Economy Bill simply introduces a regime which can work in a very straightforward and practical way that is well understood by everyone in the internet industry and is easy to explain to others.

The ironic or paradoxical outcome of the new age verification regime is that porn users’ privacy will in future be even better protected than it is now.

Posted in Age verification, Default settings, E-commerce, Internet governance, Pornography, Privacy, Regulation, Self-regulation

Careless meets sneaky

A while ago there was an uproar when it emerged that online businesses were, in effect, paying children to exploit their friendship networks to promote certain products, without disclosing they had a commercial relationship with the company that owned the thing they were speaking about so warmly.  Cases  were identified where children were getting paid according to the number of contacts they made thus encouraging them to engage with as many people as possible. This might have led some to connect with strangers.

The Bailey Review commented on it and the UK advertising regulator eventually stepped in to ban the practice but you have to wonder why anybody thought this would ever be an acceptable way to treat kids in the first place.

More recently, in the USA the New York State Attorney engaged with Viacom  (Nickleodeon), Mattel, Hasbro and Jumpstart. Attorney Schneiderman announced that these businesses did not comply with the Children’s Online Privacy Protection Act. That’s the one that limits marketing to under 13s unless a parent has given their consent.

It wasn’t the substantive businesses themselves that were directly in breach but they had allowed third-parties to operate on their sites and these were not  complying. Anyway the outcome was Viacom, Mattel, Hasbro and Jumpstart had to pay a total of $835,000 in fines and agree to a set of reforms. They are now mandated to vet the practices of all third-party services before letting them on their virtual properties.

Should these businesses have thought of this before? Probably, but aside from that two things spring to mind

  1. It took the Attorney General of New York two years to satisfy himself that a breach had occurred then bring his investigation to a conclusion. I do not know a single children’s organization anywhere in the world that has the resources or the alliances which would allow them to get anywhere near acting as a consumer watchdog in matters of this kind. It is not right that we should be so dependent on government agencies.
  2. Do we think the principle illustrated by this case could be extended to the platform providers that allow third-party apps to be sold on or through their services?
Posted in Advertising, Age verification, Consent, Default settings, E-commerce, Privacy, Regulation, Self-regulation

One last heave?

Life was simpler once. Governments in the liberal democracies were content to rely heavily on industry self-regulation as the principal means of addressing some of the problems that began to emerge with the arrival of the internet. Industry by and large loved such an approach. The fewer actual rules or restrictions, the larger the scope they had to innovate and experiment with new business models.

Right out of the traps  many free speech and civil rights groups objected to this approach. They argued if Governments are putting direct or indirect pressure on industry to behave in a certain way in order to deliver on  particular public policy objectives, they should do so openly, making their wishes or intentions known through established public policy mechanisms e.g. legislation and regulations. That way there would be transparency, there would be accountability and the playing field would be as level as it could be, at least in the sense that pretty much everyone would be bound. Compliance should not be à la carte.

My view always was, and remains, what matters is what works.  I don’t have a dog in the at times theological fight over processes.

However,  for all sorts of reasons it is now clear the areas within which internet self-regulation can continue to operate inside the EU are becoming vanishing small. The net neutrality rules, the AVMSD and, grandmother and grandfather of them all, the GDPR, are closing down or narrowing the spaces (maybe not always entirely satisfactorily).  If the Unfair Commercial Practices Directive is ever to be materially enhanced and national data protection authorities  or some other body takes it upon themselves to ensure that big internet platforms are delivering on their implied or stated (but unverified) promises about how they treat children we will more or less have covered all the key bits of the turf.

And yet

Yet even where hard law exists everyone recognises there are issues of interpretation and about establishing best practice which can benefit from open dialogue between a range of interested parties. Then there is the problem of perpetual change.  Every regulatory environment – self or otherwise – is bound to lag  behind real world developments. If they do nothing else, intelligently thought-through voluntary measures can hold the fort until the longer term picture becomes clearer.

This was the backdrop to an important meeting last week in Brussels which is looking forward to the launch, on 7th February next year, of the  Alliance to better protect minors online.  The Alliance will build on the work of the previous  Administration’s CEO Coalition. It was accepted there needs to be mechanisms for monitoring what is achieved under its aegis.

One area where there was broad agreement was in respect of the need for continued self-regulatory activity is in the field of education and awareness. Combatting bullying receievd special mention as did promoting good netizenship. True enough even here we  already see the state or its proxies assuming more and more responsibility but there is little doubt that both Governments and public alike can reasonably expect the industry to pitch in, helping to ensure children and young people themselves, their parents and teachers as well as other members of the children’s workforce are up to speed. The good news is large parts of the industry fully accept their continuing role and responsibility in these areas. The challenge is to reach out to more industry players to get them to sign up.

Watch this space.




Posted in Default settings, E-commerce, Regulation, Self-regulation

ICANN refuses to explain

Regular readers will know about the application made by the .Kids Foundation to ICANN to be allowed to run the proposed new .kids gTLD.  ICANN gave a contract to the Economist Intelligence Unit  (EIU) to help them assess the bid.

I have been around the child protection, children’s rights  and child welfare space for several years. I had never heard the EIU’s name mentioned as an authority in connection with anything to do with children. Had I missed something? I contacted the EIU. They refused to discuss it. The EIU referred me to ICANN.

In their reply to my questions ICANN told me

….the EIU was chosen because it offers premier global business intelligence services.

Not a convincing opening line given the nature of my enquiry but ICANN went on to quote from something called the Panel Process document, in particular the following:

The EIU is the business information arm of The Economist Group, publisher of The Economist. Through a global network of more than 500 analysts and contributors, the EIU continuously assesses political, economic, and business conditions in more than 200 countries. As the world’s leading provider of country intelligence, the EIU helps executives, governments, and institutions by providing timely, reliable, and impartial analysis.

The word  child  or  children  have yet to make an appearance. In fact they never do.

Then comes this

The evaluation process respects the principles of fairness, transparency, avoidance of potential conflicts of interest, and non-discrimination. Consistency of approach in scoring applications is of particular importance. In this regard, the Economist Intelligence Unit has more than six decades of experience building evaluative frameworks and benchmarking models for its clients, including governments, corporations, academic institutions and NGOs. Applying scoring systems to complex questions is a core competence.

I added the bold to that word transparency since it is clear it is singularly lacking.

ICANN then gave me some more cut-and-pasted quotes

  • All EIU evaluators undergo regular training to ensure full understanding of all CPE requirements as listed in the Applicant Guidebook, as well as to ensure consistent judgment. This process included a pilot training process, which has been followed by regular training sessions to ensure that all evaluators have the same understanding of the evaluation process and procedures.
  • EIU evaluators are highly qualified, they speak several languages and have expertise in applying criteria and standardized methodologies across a broad variety of issues in a consistent and systematic manner.
  • Language skills and knowledge of specific regions are also considered in the selection of evaluators and the assignment of specific applications.

So I wrote back with only one further question

Did you satisfy yourself that the EIU had (the necessary expertise) or did you simply rely on the EIU’s general assurances (that they had)…..?

Answer came there none.

I doubt the EIU has much of a clue about children and the online space thus, to be clear, I think they were wrong to accept a contract to work in  an area that is outwith their competence but equally ICANN should not have offered them the work without satisfying themselves the EIU  could do it properly.

Children’s interests are marginalized or overlooked once again.

Posted in Default settings, E-commerce, ICANN, Internet governance, Regulation, Self-regulation

Anonymity and porn

S1 (1) of the Obscene Publications Act, 1959, defines what constitutes a criminally obscene article. In the Court of Criminal Appeals in 2002, in the case of  R v Perrin, in the context of  material published on the internet, failure to take steps to prevent children from viewing such material was seen as a key ingredient in determining whether or not an offence under the Act had been committed.

However, to the best of my knowledge, since Perrin there have been no prosecutions of web site owners who publish pornography without an age verification mechanism in place. Why? Because of the practical and jurisdictional issues of enforcement. The relevant sections of the  Digital Economy Bill, 2016, can therefore be viewed as a pragmatic attempt to find a solution to fit modern circumstances. Yet some people are raising concerns. I understand why, but their fears are unfounded.

In the recent debate on the  Digital Economy Bill Liberal Democrat MP Tom Brake made the following point

I agree that denying children access to online pornography is essential, as is ensuring the privacy of adult users of legal adult sites….

In a similar vein the former Secretary of State, John Whittingdale, said

The other big issue covered by the Bill is pornography….and age verification. The Bill does not specify how age can be verified, and I must say that I am not entirely sure how the providers will do that. It will not be sufficient to include the question “Are you 18?”, along with a box to be ticked……

We must bear it in mind that the content that is being accessed is perfectly legal. Of course it is right for children to be prevented from accessing it, because that can be harmful, but it is legal content for adults……

There are a number of things to be said about this.

First of all at the moment unless someone takes special measures to prevent their browsers from handing over any information about them or their machine then it is extremely likely that in the mere act of visiting a porn site, even if you do not buy or actively download anything, you are in truth handing over data about yourself. This compromises your anonymity. I leave aside the possibility of any third-party surveillance that might be taking place on top of that.

Moreover unless Messrs Whittingdale  and Brake want to argue we should get rid of the existing real world laws altogether they need to convince us why, if it were to come down to a straight choice,  they might think it more important to protect adults’ rights to access porn anonymously than it is to keep harmful content away from kids.

Technology to the rescue

However, the good news for Brake and Whittingdale is that nobody has to make such a choice. Remember, unlike gambling sites a porn company does not need your bank or credit or debit card details or your home address. Porn sites only have to establish that you are 18 or above.

Technologies already exist which can prove someone is over 18 without revealing anything else at all.  In this sense the technology could be seen as being privacy enhancing.

Of course the companies that own the age verification systems have to do an initial verification of your age so it is vital that they are trustworthy and secure to the nth degree. There are several ways in which it can be established whether or not that is the case e.g. the Information Commissioner’s Office could tell us.

Posted in Age verification, E-commerce, Pornography, Privacy, Regulation, Self-regulation