The Online Safety Act (a terrible piece of legislation which has been made law in the UK) brings into focus a group of people who know nothing about how the Internet works. And that group of people are – mostly – Labour Party Members of Parliament (because the OSA was passed into law by them). They could have killed it, they could have called in industry experts who would have advised on it, they could have called in technical specialists who would have pointed out the horribly obvious shortcomings of the legislation. But no, that would have meant sitting down with people who know better, people who understand how things work and one thing the current Labour Government is proving itself to be really very good at is not listening to experts.
Let’s start with a basic understanding:
Websites get hacked
Not all websites, obviously. Some are incredibly professional and scrupulous in their approach to user safety and data security while others… well, others just aren’t either professional or scrupulous
How does the OSA work?
The OSA requires age verification. In a nutshell, every single user in the UK who wants to access content of an adult (18+) nature is required to verify their age before they can access that content
Well that’s OK isn’t it?
No, it really isn’t. The age verification this egregious piece of legislation has put in place is third-party age verification
How does third-party age verification work?
The user must show their driving licence or their passport to a third-party which is chosen by the adult content platform
Oh damn. What does this mean?
The OSA specifies no user data security or safety mechanisms around this type of third-party age verification service. Not a single one. These age-verification services could be in any country in the world and they could be run by any number of unscrupulous individuals. There’s nothing in the OSA about protecting the users data, nothing at all! The user presents a third-party website with a copy of their passport and/or driving licence and essentially there are no safeguards around what happens to that data. That users data could be available on the Dark Web within 15 minutes. This is a terrific example of really bad legislation
Is there any way around this problem?
The user doesn’t have to photograph their passport or driving licence. Whew! Close call. They can self-verify with the same third-party by having their photograph taken and entering a bunch of private data but, let’s say the quiet bit out loud… it’s with the same age verification service and this means it’s the same thing! The user is still giving their personal data and their photograph to an unknown third-party which was chosen by a (probably) foreign website in the blind hope that nothing is going to go awry. Newsflash… It’s going to go awry. There will be data leaks. There will be data for sale. Users will be subject to fraud. And why? Because the OSA provides absolutely no protection for the users personal data.
What’s the solution?
The UK Government could fix all of these problems if they could get a grip on what the problem really is, but they’re too busy chasing headlines and running after tabloid scare stories which don’t actually exist. Ah well.
So, I could send my private personal details to a third-party… or I could use a VPN and pretend I’m not in the UK?
That’s a tough one.
I don’t blame the government for trying to do something, but what they have done is pretty much next to useless and can be easily circumvented by just about anyone… of any age. The govt have completely underestimated how tech savvy your average 13 year-old is, nowadays.
I don’t think there actually IS a solution to this problem.
And yet, according to this article, some of our MPs (including Labour MPs) are all over VPN use (even if they’re not very savvy at working out appropriate tariffs) and they’re claiming it back on expenses!
https://www.tomsguide.com/computing/vpns/nordvpn-is-the-most-popular-vpn-amongst-uk-politicians-but-theyre-not-getting-the-best-deals
Of course… they claim EVERYTHING back, right down to the last penny.
If they put as much effort into running the country as they do in compiling their expense claims, we’d probably not be in the shit state that we are.
Maybe.