The Digital Economy Bill (DEBill) is at the report stage in the House of Lords, a long way down the parliamentary process, and the concerns around AV and censorship of legal pornographic websites are still there. Today, further amendments have been published but unfortunately, they are too little and too late to limit the Bill’s harm to free expression and privacy of UK citizens.
The Bill is an example of how not to legislate for the Internet and complex social issues. Among other things, the DEBill, attempts to address the issue of under 18s seeing pornography, by forcing porn sites to implement Age Verification (AV). This ‘simple’ solution has been fraught with problems from the start.
Age verification - an unseemly scramble to patch it up
Age Verification is in a terrible mess. There are no privacy safeguards on the face of the Bill, which means that UK citizens could be at risk of having private information about their porn habits and sexuality leaked, hacked or exploited. ORG has repeatedly called for the privacy concerns to be addressed.
The Government now says that it “agrees that parliamentary oversight is necessary”. Their changes are published as amendments. One Statutory Instrument will spell out what is and is not to be censored (page one, altering Clause 15). A second sees the guidance from the AV regulator given statutory force (page four, adding in a new clause). A third regulates the regulator, adding in duties that have until now been forgotten (page five, adding a new clause).
If this sounds like a dog’s breakfast, then that is because it is. The Government is admitting that it has done its work so badly it will need to patch up the DEBill with three pieces of secondary legislation at a later date.
Apart from the democratic deficit of leaving the big problems to future, as yet undrafted secondary legislation, we need to ask whether the problems with age verification can be fixed this way. We are not confident they can.
The Bill allows the regulator, the BBFC, to regulate pornographic websites and ensure that they verify the age of their customers.The new clause says that a Statutory Instrument (SI) will provide guidance for “types of arrangements for making pornographic material available that the regulator will treat as complying”.
The Government claims this statutory “guidance” means that the BBFC can regulate the age checking tools and their privacy requirements.
However, this is rather dubious. AV providers are not mentioned in the Bill, only porn providers; the Bill does not spell out any power to regulate AV providers or what the duties might be.
Can the contents of this SI be applied to AV providers and impose privacy duties on them, if neither is mentioned in the Bill? How would the SI do this fairly and without exceeding the remit laid out for them in the Bill?
Website operators and Age Verification providers may wish to check customers’ age in all kinds of novel and potentially intrusive ways. They will have strong commercial reasons for doing so. It may seem to them be quite unreasonable for statutory instruments to go beyond the question of whether age is properly checked, and impose privacy duties not even referenced in the bill that run against their commercial interests.
The Bill therefore needs to be clear that it can regulate the AV providers, and not just the websites.
Consent and free choice
The SI would also need to ensure that users can choose their own tools. This point is essential. If the websites choose the age checking tools, then these will be chosen for the benefit of the websites, as either cheapest, or the best for tracking people, or simply the tool that everyone signed up to, whether or not it is private or safe.
It is not clear that the Government has understood the need for free choice and an open market. Previously, ministers have fallen back on claiming that data protection laws are sufficient, which they are not, as they rely on consent and free choice when you choose to relinquish some of your privacy. Consent is absent here, as everyone must use the tools in order to access the content.
To legislate this kind of structure into existence through SIs without any mention in the Bill is pretty unusual. It would be needed, but it is difficult to justify doing this through secondary legislation, which is meant to be about detail, not principle.
We cannot be confident that these problems will be fixed in the SI and by then it will be too late for Parliament to do anything about it. The absence of privacy duties is very worrying, not least because it suggests that the Government has not accepted that anything actually needs to be done.
Would safe Age Verification be enough?
It isn’t clear that even ‘safe’ age verification tools would be enough to prevent free expression harms. Some people won’t want to use these tools, and may not trust them. Ensuring they are safe would reduce the “chilling effect” but it isn’t clear that it will be enough to stop them creating a barrier to people accessing legal content, nor is it clear that publishers really should be given this duty.
Nevertheless, the Government should take its duties seriously, and ensure that privacy and anonymity are duties for the regulator, spelt out in the Bill.
The same applies to the censorship regime, which was added at the last minute.
Inadequate censorship safeguards
The government has not changed its mind about giving wide censorship powers to an administrative body, the BBFC. The BBFC will be allowed to censor any pornographic website that does not provide an Age Verification tool.
Most websites of course won’t implement Age Verification. The BBFC will therefore have a power that could be applied to millions of non-compliant websites. We are told that we should trust that the BBFC will only apply this power to block a small number, perhaps 100 major websites. This begs the question, what is the point? Blocking just 100 porn sites would not prevent under 18s from accessing pornography as there will be plenty of other sites for them to access.
This power would be a hostage to future demands to apply it more widely, to perhaps thousands more websites, in order to “make the Internet safe” for children, which would imply attempting extremely expansive blocking.
Once politicians realise that the vast majority of pornography is neither subject to Age Verification, nor blocked, calls to ramp up the number of blocked websites will be made, and the power will be available to block them. All that will be needed is more money and a change of policy at the BBFC.
On appeals, the response concedes that an independent body should review any appeals:
“The government accepts, however, that the appeal must be considered by someone independent from the original decision maker and will table appropriate amendments to require the Secretary of State to be satisfied that the appeal will be independent before designating the regulator. [...] Additionally, the Secretary of State may issue guidance to the regulator on this matter” [Digital Economy Bill: Government Response Clause 17(4) - appeal arrangements]
However, it does not envisage these involving the courts. This would mean that appeals might be dealt with narrowly, and fail to deal with free expression and association impacts adequately.
The Bill is clearly in a mess
The only conclusion we can make is that the Bill is so far from ready, so absent of safeguards, that these sections need to be dropped.
At this point, the Bill is meant to be in its final shape, and the Government is proposing its last amendments. There is of course a slim chance that the Opposition could force a vote to insert privacy safeguards. This would be unlikely to be enough, given the stage we are at at.
The only sensible course of action is to remove the entire section from the Bill.
 “The manner in which age verification technology operates will be fluid given the pace of technological change … the regulator should remain responsible for the production of guidance about the types of arrangements for making pornographic material available that it treats as complying with being “not normally accessible” to persons under the age of 18, but. The government will table amendments so that that the guidance must be laid before Parliament subject to the affirmative procedure for first exercise of the power and the negative procedure thereafter.”
“We are planning to underpin these changes with the introduction of a clause which will give the Secretary of State Power to publish guidance, which the regulator must have regard to, as to how the its exercises its functions, including the guidance it produces.” [Digital Economy Bill: Government Response Clauses 15(3), 21(9) and 22(7) - the regulator’s guidance]