Who is serious about On-line Harms?

1) DCMS kicks the can down the road – again

The deadline for submissions to the DCMS consultation on On Line Harms  is July 1st. The NAO report politely savaging the UK failure to join up its approaches to tackling organised crime was released today. Organised crime derives much of its revenue from the On-line harms listed in the DCMS white paper. This is co-signed by the Home Secretary. No-where is there any indication in the white paper of the need to join up policy and policing. It is as though the departments still live in parallel Universes.

Meanwhile the timescale for implementing the Age Verification has been delayed again . It is well worth reading the reactions of the House of Lords to the statement . They did not believe the reasons given any more than did the technical press. When DCMS last kicked this particular can down the road they denied it would be further delayed . Pink News then interpreted “three months” in Whitehall speak as the end of the year.  Techspot has more recently interpreted six months as manana .  This is not a victory for “freedom of expression“. It is another own goal in the fight against organised crime and abuse. The extra time should be used to see whether a simpler solution, e.g. audits against processes which meet the BSI’s PAS 1296, would better protect the privacy of both adults and children.

2) And can expect to pay a price

The excuse given by DCMS is probably open to legal challenge from as many directions as its approach to implementing the Age Verification legislation. Those who believed the original timetable spent £millions developing the necessary “age gates” and gearing up to handle the expected volumes of traffic from July onwards. That work has now been halted amid growing scepticism that the law will ever come into force, let alone be properly regulated and/or enforced. Lay offs and cutbacks are now certain. The DCMS credibility cap, (which dates back to when it “leaked” the e-mail addresses of over 200 technical journalists at the original launch of the scheme )  has widened. We can expect those affected to seek assistance in rectifying the damage.

3) Meanwhile British Industry has produced a global solution

More significant, but unpublicised, is that British service providers have delivered on the promises made when David Cameron was persuaded to announce the original plans for legislation .
The day after Jeremy Wright announced the delay in implementation, Telemedia carried the news that not only had the UK first supplier been audited against the extension of the existing Age Check Certification Scheme  to cover on-line checking using PAS 1296 . The PAS is now probably on its way to becoming a global standard. The service is fully operational and was used for the Web Portal for the Channel 4 Documentary “Mums Make Porn”.

Age Checking is not, of course, just about protecting children from accidentally accessing porn, or from having their age controlled social networks penetrated by adult predators. The members of the embryonic Age Verification Providers Association  do most of their business with the suppliers of other controlled products and services, such as alcohol, gaming or tobacco.  More-over this is a global business. UK-headquartered players like Experian and Lexis Nexis compete with those, like Facebook and Google, who seek to use their domination of Internet Access and Social media to invade the trusted identity market and link it to their big data business models.

4) Who is trusted by Who?

At this point it is worth looking at the annual Edelman Global Trust Barometer to add context.  Last year saw a collapse in UK confidence in Government. It has not recovered. This year saw a similar collapse in trust in social media, particularly across Europe and North America. “On-line only” media are now significantly less trusted than “traditional” media. Meanwhile brands headquartered in the UK are more trusted than those headquartered in the US, but not as trusted as those with HQs in Germany, Japan or Switzerland.  The global brands, on whose advertising spend the business models of Facebook and Google rely, are looking to halt “contamination” by association with the “on-line harms” listed in the White Paper. They plan to do so by taking back control of programmatic advertising.

5) Facebook and Google have no choice but to respond

There is a simple explanation for  Nick Clegg’s welcome, on behalf of Facebook, for Government Regulation . Facebook has less to fear from governments than from a revolt by global advertisers. The track record of regulation in this space is deeply unimpressive. By contrast they face an existential threat if they cannot provide a credible response to the pressures from global advertisers . The latter have been so badly burned by click-bait fraud, linked to free porn at least as often as to fake news, that they will not be content with ticking a few regulatory boxes. They will demand audit that is at least equivalent to the processes of the controlled circulation media . This is likely to include using third party Age Checking, just as the main security consultancies (including the big four accountancies) have had to use third party penetration testing operations. No one trusts big players to mark their own homework.

6) So Age Verification moves centre stage globally

At this point the work of UK Age Verification providers in producing robust processes for anonymising the use of secure and authoritative third-party identity databases (from the credit, education, financial services and health industries, as well as government) come into their own.  They should not be viewed as a threat to either the big data business models or the privacy paranoia industry. They complement both.

But where does that leave Government and DCMS?

They appear to have painted themselves into an embarrassing corner – seeking to sustain an idiosyncratic approach to age-checking which fits neither the relevant UK legislation nor that of the EU.

Can they use the six months delay to produce a simpler, cheaper way forward, perhaps based on using audit against PAS 1296 in the context of EU data protection requirements?

Or will they be stuck, defending the indefensible, against all comers – from the Child Protection charities to the Open Rights Group?

Positioning the UK as a globally trusted on-line hub for inter-operable authentication, authorisation, audit and quality control goes hand-in-hand with retaining our position as a world class financial services hub. It also needs privacy processes that are sufficiently robust to the protect the finances of the ruling elites of the world from their security services (as successive US Presidents failed to protect themselves from J Edgar Hoover) and their children from abuses.

I would also like to see effective protection for the rest of us – now that the Internet is used by over half the children in the world.

My new role with the local Safer Neighbourhood Board has led me to discover just how little the “other half” of society trusts either Government or Global Big Tech. The Edelman analyses also reflect the views of the inner city youth and faith groups to which I have been listening. The consequences for the advertising funded Internet are profound.  I am therefore prepared to bet a pound to a penny that Facebook and Google will embrace third party audit, including for their age checking process, before Government implements effective regulation.

I would of course be delighted to be proved wrong. But money talks rather more coherently than Government.