2017 saw the introduction of the Digital Economy Act (DEA) by the UK government to address certain issues in the online world, including the stated goal of protecting minors from pornographic content. This has led to the introduction of regulations pertaining to age verification controls for adult websites, which are still undergoing their final review from the British Board of Film Classification (BBFC) and the UK Government. The ongoing delay presents a great opportunity to break down what this new verification will mean for the everyday individual.
What will it do?
From the date the law goes live, which is expected to be by the end of 2018, all pornographic websites accessible from within the United Kingdom will be required to age verify their visitors before displaying any adult content. This means that users will see a screen, on the front page of all adult sites they normally visit, prompting them to verify their age. Sites are free to choose which age verification methods they use, but all must comply with the law. The customer will choose how they wish to be verified, provide their information, and then enter the site as normal.
The amount of different age verification systems could be quite large, with some sites using their own, or taking 3rd party software like AgeID. This means users could be verifying multiple times just to move between their favourite adult sites, which isn’t a great experience.
AgeID will be protecting many big sites such as Pornhub, YouPorn, and Brazzers, plus thousands of others. This will make the user journey far better, as a customer need only verify once in AgeID and can then surf between all AgeID protected sites seamlessly. If they switch device or access via incognito mode, they simply login to AgeID rather than going through the verification process again.
The penalties for non-compliance are high. The regulator can block sites at ISP level, request their social media accounts are removed, and ask payment processors (Visa/Mastercard) to stop processing all their payments, globally. Whilst these are certainly severe, the law mandates a proportional approach to enforcement, which means the regulator will start with the top 100 sites and work their way down.
With over 4 million adult domains online it will be quite a task for the regulator to enforce and there are concerns that many adult sites will remain non-compliant during the enforcement process. This would leave responsible, compliant sites at a significant disadvantage, allow children to continue finding adult content, and introduce the added danger that pornography from less trustworthy sources will be more prevalent and accessible.
Privacy issues – what will happen to your data?
There are many companies responding the proposed law, and while we cannot comment on each of their verification systems, we can confirm that when AgeID is live, the platform will not and cannot store any age verification data.
Since the law was passed in April 2017, there have been many age verification methods suggested, including Mobile SMS, Credit Card, Passport and Driving License, but guidance from the regulator has yet to be finalised. We will be using a wide range of methods, provided by multiple 3rd party companies, which will give the user freedom of choice.
In order to first register with AgeID, a customer will create an account using an email address and password. This is to ensure ease of use for the customer, so they can return to any AgeID site without going through the verification process multiple times. This login is not stored in the usual manner in which an authentication system stores such information. Both email address and password are encrypted via a one-way hash, creating an anonymised reference, a token, that cannot be reversed engineered to reveal the original data. In essence, as soon as a customer enters their login credentials, AgeID anonymises them. This ensures AgeID does not store a list of email addresses. We cannot market to them, we cannot even see them.
A user will then choose their preferred verification method from within AgeID, then leave AgeID completely to input their information into their chosen, approved 3rd party site. This ensures that AgeID cannot even see, let alone store, any data entered during the age verification process. The 3rd party company then simply reports back a pass/fail flag to AgeID. No date of birth, no name, nothing more than over/under 18.
Does it cover all the bases?
The current legislation only applies to pornographic websites, and as the BBFC recently admitted, will not be able to restrict viewing on social media sites, such as Facebook, Twitter and YouTube. In this day and age, pornographic material can be viewed on a number of different platforms, and the limitations in the law means there is still a risk of children stumbling across adult content, leaving them no more protected then they are today.
We believe parents are always best placed to supervise their children’s online activity, and the current law runs the risk of sending the wrong message to parents; that they can take their eye off their children’s browsing habits.
A separate issue arises when one takes into account virtual private networks (VPNs). They allow users to bypass the age verification unless the VPN itself has age verification software installed, such as VPNHub, who are currently assessing the technical feasibility of adding age verification in order to avoid circumventing the UK law.
What does all of this mean for you?
While verification to adult sites is new, it has been in place for gambling and in the purchasing of alcohol for some time, and will not impact your ability to access the sites. AgeID’s technology ensures there will be no risk of being able to link an individual to a sexual interest, one of the biggest concerns associated with the law. We hope that the regulator will have the resource and power required to ensure other age verification systems or merchant developed age gates stand up to scrutiny on this important topic. Finally, with AgeID, there will be no cost to the user of pornographic websites for verifying their age, once you have verified you will not need to keep entering your details each time, making the process as simple and painless as possible.
The law is expected to be enforced later this year, from which point AgeID will be available to every adult website accessible in the UK.
James Clark, Director of Communications at AgeID
Image Credit: Scyther5 / Shutterstock