Gov Tighten Online Safety Laws

By   ISBuzz Team
Writer , Information Security Buzz | Feb 09, 2022 07:31 am PST

The Digital Minister Chris Philp has announced that the Online Safety Bill will be significantly strengthened with a new legal duty requiring all sites that publish pornography to put robust checks in place to ensure their users are 18 years old or over. This could include adults using secure age verification technology to verify that they possess a credit card and are over 18 or having a third-party service confirm their age against government data. If sites fail to act, the independent regulator Ofcom will be able fine them up to 10 per cent of their annual worldwide turnover or can block them from being accessible in the UK. Bosses of these websites could also be held criminally liable if they fail to cooperate with Ofcom.

More information https://www.gov.uk/government/news/world-leading-measures-to-protect-children-from-accessing-pornography-online

The following experts have provided commentary on this:

Subscribe
Notify of
guest
5 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Yaniv Balmas
Yaniv Balmas , VP of Research
February 9, 2022 3:31 pm

The new Online Safety Bill published by the Digital Minister is a great step forward for protecting our children and creating a safer and more controlled internet content.

However, I believe there is still a big gap that needs to be bridged between the bill’s motivation and it’s effective implementation. Children today are sophisticated, at times even more than their parents, and creating an effective age verification process – that cannot be trivially bypassed by underaged kids – can be very complex.

Yes, age verification services do exist today – and are in fact quite common in some online business sectors. However, we must remember that the most effective age-verification methods require users to share their personal information, whether it is their photo, ID, phone number, credit card or anything else.

This is somewhat a double edged sword; while it will certainly help reduce the exposure of these websites to underaged, it also creates a privacy concern in which porn sites will now have the theoretical ability to identify their previously anonymised users, and protecting this data will now be shifted to their responsibility.

In fact, the privacy threat can be even greater if the government will try to assist the process by allowing companies access to citizens’ information by issuing a new government backed API solution – which might actually put the entire database at risk from malicious actors looking to abuse it.

Last edited 2 years ago by Yaniv Balmas
Brian Higgins
Brian Higgins , Security Specialist
February 9, 2022 3:17 pm

The Online Safety Bill is certainly more impactful in its language and intention than anything that has come before. Unfortunately, the Internet is incredibly difficult to police. Any attempts to legislate or regulate domestically are usually met with obfuscation and/or relocation by the major platform providers who have the resources to circumvent many of the proposed measures. They may well appoint UK ‘Safety Controllers’ to appease the regulations but in effect, any attempt to enforce change or penalise inappropriate business practice will most likely fail. Protecting children from harmful content is a laudable aspiration but is also fairly unfeasible. If businesses and servers are located abroad it will be very difficult to control them with UK legislation. It’s also much easier to circumvent many of the protective measures outlined in the draft Bill. Most people these days are aware of VPNs as they are recommended security measures for a lot of online activities like working from home etc. They are also growing in popularity as a measure to mask individual online searches and streaming. In fact, according to Google Analytics, UK traffic to Comparitech.com\’s pages regarding the use of VPNs to protect privacy whilst accessing adult content is up by 24% since 14th December 2021, when the committee report on the Online Safety Bill was initially published. In this case, Security begins at home. Anyone with responsibility for young people should check the NCA’s Child Exploitation and Online Protection (CEOP) Command ‘Think you know’ programme: Parents homepage (thinkuknow.co.uk). It’s also a good idea to follow CEOP on Twitter for content updates: @CEOPUK.

Last edited 2 years ago by Brian Higgins
Javvad Malik
Javvad Malik , Security Awareness Advocate
February 9, 2022 3:16 pm

The government has been trying to roll out some variation of these measures for many years. While the intent behind these measures may be good, the execution is deeply flawed. 

Firstly, it will be trivial for anyone intending to reach porn sites to do so. Whether that be through using someone else\’s identity or simply by using a VPN to appear as if they are based in another country.  

Secondly, and perhaps more importantly, there is a huge overhead to collate, validate, and store peoples’ sensitive information in order to access the content. History has shown us that such databases are nearly always prone to being breached at some point or another.  

Finally, and perhaps more importantly, there are issues that concern under 18s that are far greater, such as cyberbullying, revenge porn, and even deepfakes, none of which will be addressed by this bill.

Last edited 2 years ago by Javvad Malik
Jon Andrews
Jon Andrews , VP of EMEA
February 9, 2022 3:14 pm

It is an interesting topic as age restrictions on pornographic material on the internet would certainly help with societies problems when it comes to misogyny, violence towards women and sexism, which need to be directly addressed.

On the other hand, it is important to ensure that regulation don’t become restriction. The internet should be free and available to all, and regulations that can better society are certainly welcome. Credit card verification, however, can be a restrictive measure that might encourage people to obtain one in order to access certain parts of the internet, so less invasive forms of identification might be preferable.   

These restrictions will also require websites to store personal identifiable information. This adds a component of risk for users, who will need to trust these entities with highly sensitive data. Unless government bodies consider this aspect and scrutinise the security policies of these websites, the move could have serious privacy implications and might motivate threat actors to launch campaigns aimed at stealing credit card details and other valuable information.

Last edited 2 years ago by Jon Andrews
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
February 9, 2022 3:13 pm

This announcement is very welcome; countless studies have shown the detrimental effect online pornography can have on the way young people understand healthy relationships, sex and consent. So limiting access to extreme content should be applauded.

However, despite the commitment to user privacy outlined in the government’s announcement, the process may pose security risks for adults. Data is the lifeblood of cybercrime and adding an extra step that requires the transfer of personal data (for verification) could well make adult sites a key target for criminals. Of course, this risk is far outweighed by the potential benefits, but it’s worth sounding a cautionary note and urging adults who use these sites to be as diligent as possible.

Last edited 2 years ago by Jamie Akhtar

Recent Posts

5
0
Would love your thoughts, please comment.x
()
x