20-25 Million UK Adults Risk Their Porn Habits Being Leaked Publicly

Derek Jarman’s notorious 1976 film ‘Sebastiane’ not only featured dialogue exclusively in Latin, it was also reportedly the first movie certified by the British Board of Film Censors (as they were then) to depict an erection. According to fellow British film-maker Alex Cox, Jarman claimed they "hid" the erection in question in order to smuggle it past the Censors; a claim which Cox states the former BBFC chief censor James Ferman completely refuted.

Forty years later and the British Board of Film Classification (as they are now, having replaced the totalitarian sounding ‘censorship’ with the more family friendly phrase ‘classification’) may face the more labour intensive erection inspection of ensuring that all commercial internet pornography consumed in the UK after April 2018 complies with the age verification requirements of the Digital Economy Act 2017.

This is because the DEAct prohibits “a person making pornographic material available on the internet” to anyone in the UK “on a commercial basis” unless that pornographic material is rendered inaccessible to children under the age of 18 by virtue of age verification software. The regulator will have the power to give notice to UK based Internet Service Providers “to prevent access to the ‘offending’ materials” by blocking material from appearing over those UK ISP’s. In free speech terms the groundwork for Hadrian’s Firewall has already been set in law.

Whilst the DEAct has now passed through Parliament, the age-verification regulator has yet to be designated (the BBFC are merely presumed to be the “regulator in waiting”) and the Act completely fails to address the users of age verification’s own privacy or data security. To put this in perspective, MindGeek (who reportedly own approximately 90% of the free adult “tube” sites on the internet such as PornHub) anticipate that twenty to twenty five million adults in the UK will sign up to MindGeek’s own age verification software “within the first month”.

Hence the State (the DCMS) may have passed regulatory liability to a non-Governmental body founded by the film industry (the BBFC); along with the responsibility for age verification software to a private sector pornography industry which has little to no data privacy and security experience (MindGeek’s PornHub, YouPorn, Digital Playground and Brazzers have all suffered security breaches in the past); and, perhaps most egregiously, with no safeguards specifically written into the law to ensure that over a third of its citizens’ most personal and private data is held privately and securely.

There is also nothing in the legislation to prevent MindGeek (or others) from scraping and selling the personal data they already hold, along with the age verification data they will hold, exploit both in tandem, or track users’ movements across their own sites and other sites that use the same age verification software. Furthermore, MindGeek’s enthusiastic engagement with Government throughout the political process has meant that the State may be about to grant MindGeek a dominant market position, thereby enshrining them as “the Facebook of porn”.

Whilst many of the political proponents of age verification accept that an absolute minimum of thirty percent of users will be technologically literate enough to obviate these controls by using VPN’s, proxies, or TOR; unless the BBFC and DCMS address these concerns it will be the remaining seventy percent of adult users in the UK who will be risking the privacy and security of their personal sexual information.

For the privacy and security reasons discussed above; along with the competition law issue; the tacit trade war created by blocking ‘foreign’ sites; and the fact that the Article 10 freedom of expression rights of the consumers of niche pornography have been entirely ignored, the Open Rights Group are extremely disappointed that the DCMS and BBFC have refused to engage publicly with any of these concerns until after the regulator has been designated.

Under those circumstances, in the public outcry after the inevitable Ashley Madison style hack occurs, perhaps the loss of confidence in State endorsed data security systems will lead to politicians reconsidering seemingly cost-free private sector technological solutions to perceived social concerns.

The opportunity to engage with these fundamental concerns is reaching vanishing point as the BBFC and DCMS remain unwilling to address any of these fatal flaws.

“Understand that sexuality is as wide as the sea. Understand that your morality is not law. Understand that we are you”. Derek Jarman