As of July 25, what the UK media regulator Ofcom deems ‘risky’ sites and apps must under the Online Safety Act 2023 use ‘age gating’ methods to identify which users are children, and then prevent them from accessing pornography, as well as self-harm, suicide and eating disorder content.
Dame Melanie Dawes, Ofcom’s Chief Executive said: “Prioritising clicks and engagement over children’s online safety will no longer be tolerated in the UK. Our message to tech firms is clear – comply with age-checks and other protection measures set out in our codes, or face the consequences of enforcement action from Ofcom.”
The watchdog says it has since launched investigations into the compliance of four companies – which collectively run 34 pornography sites. In April, Ofcom published its children’s safety codes of practice and guidance under the Online Safety Act; and set an August 7 deadline for some online services to submit records of their children’s risk assessments to Ofcom. For example, photo-display and sharing website Flickr has told its users under its terms of service that if they travel to the UK from overseas, ‘your Flickr experience will temporarily align with UK regulations’. “Your full account access and settings will be restored automatically once you leave the UK.”
Polling
Polling by the public opinion firm YouGov shows that, in the six days since the rules came into force, one in four Britons (26 per cent) surveyed say that they have encountered the new restrictions while browsing. A majority of people (69pc) were saying they support the new rules, including 46pc who do so “strongly”. However, the public are even less likely to think the new rules will actually work than they were before the changes came into effect. Now only 24pc of Britons think the restrictions will be effective in preventing under-18s from accessing pornography online. Details in full on the YouGov website.
Comments
Mayur Upadhyaya, CEO at APIContext, said: “It’s incredibly difficult to put the genie back in the bottle. These platforms have been accessible for so long that viewing them has become a deeply embedded habit for many young people. Going cold turkey overnight won’t work, especially if the only alternative is technical enforcement. We’re already seeing a surge in free VPN [virtual private network] use, which carries serious risks like malware, trackers, and compromised data.”
Lucy Finlay, Director, Secure Behaviour and Analytics at Redflags, said: “The requirements for certain websites to verify age by uploading a live selfie or a copy of an ID opens a whole new avenue of attack for cyber criminals and privacy questions for policy makers. Firstly, it invites setting up malicious prompts for ID verification on compromised websites, funnelling sensitive data away from unsuspecting users, who are being conditioned not to question giving away their ID.
“This is an example of “sludge”, where a nudge is being used as a friction or barrier to accessing what you want, so people are instinctively acquiescing to this request rather than question its legitimacy. Except it’s now not just pressing “accept all” on annoying cookie pop-ups … it’s giving away your ID or facial data. Secondly, it creates data regulation and privacy headaches, as foreign companies are engaged to carry out the verification service for the websites. Lastly, these companies are likely to be subject to increased scrutiny from bad actors wishing to get their hands on a goldmine of IDs and kompromat-worthy material associated with the “sensitive” material they are viewing. Do these risks outweigh the benefits gained, given these verification checks can currently be bypassed by a simple VPN?”
Brian Higgins, Security Specialist at Comparitech, said: “One of the more alarming emerging trends is the almost immediate mission creep of this legislation. The VPN issue was always going to deflate the effectiveness of any age verification measures, in fact it’s rather worrying that those responsible seem quite so surprised by this development. But due to the wide-ranging wording of the content potentially covered by the Bill, legislative compliance is impacting platforms and users in far more draconian fashion than may be deemed reasonable.
“Spotify is one service which has dismayed users by requiring AV and a prominent UK actor recently found he could no longer access pictures of his own children when posted on Social Media by their mother. Many more examples of the swingeing reach of this Bill will undoubtedly continue to arise so it’s no wonder people will look for work-arounds. Are Ofcom going to arrest everyone who uses a fake AI Drivers License to spoof their way on to Facebook or will they be too busy getting sued by the US State Department. Only time will tell.”
