In Britain, the government has finally figured out how to present going back in time as progress. They’re going to force people who want to view pornography (as they define it) online to buy an official government pass from the corner shop.
You can tell it’s real news – it sounds like satire.
Her Majesty’s Government and the Internet: We Don’t Know and We Don’t Care
The British government has a strange relationship to pornography. On the one hand, they keep being caught with it on their work computers.
And on the other hand, they seem to think it’s a kind of duty to stop everyone else watching it.
It’s all part of an attack on the open internet that mixes technophobia with authoritarianism; Home Secretary Amber Rudd is on record as saying that she doesn’t need to understand how tech works to pass laws about how it should be used.
And I don’t need to understand how your car works to tell you that it’s bound to move faster if you feed it more oats.
To the future!
The latest flailing effort, left over from the election manifesto that secured the government a minority in Parliament, is to use something everybody knows is wrong, bad and evil to attack the internet’s free and permissionless space.
But bad people will use it!
For anyone who’s been paying attention to governments’ efforts to regulate behavior online, this is old wine in the same old bottles: ‘but criminals will use it to sell drugs and distribute pornography!’ has been the cry of knee-jerking cops and vote-hustling, would-be strong-arm politicos since Usenet. (The same kind of person said the same kind of thing about the printing press too.)
So here we are: the British government has figured out how to stop underage people from seeing pornography.
Compulsory age verification on websites.
Wanna see? Tick the box
Trouble with that is, it usually relies on just asking people to verify their ages by ticking a box – and as you can imagine, these verification pages basically read: You can have what you want if you tick this box. So, most folks tick the box.
Some way is needed to connect a person’s real, offline identity with their online behavior.
That sounds complicated, but fortunately the british government doesn’t need comprehension to pass legislation, so they have a solution.
The Porn Pass is Real
Users present their local newsagent with ID – a passport, say. And they pay a one-time fee, expected to be around £10 ($15 or €11).
Then, the newsagent issues that person with a card with a unique identifying number that allows them to sign in to all the pornographic websites their heart desires.
It’s already being called the ‘porn pass’ in the press. The measure was supposed to roll out in April this year (the first would have been a good date), but they couldn’t figure out how to make it work.
What could possibly go wrong? Surely this will prevent young people from seeing pornography!
Well.
First things first: I’m not crazy about some random, probably unelected civil servant deciding what is and isn’t ‘pornography.’ Have you ever seen a really convincing definition of what that word actually means?
Even Supreme Court Justice Potter Stewart could only say that he ‘knew it when he saw it.’
So a big area of the law is going to be left open to a decision by someone who doesn’t know anything about the subject. Not that a competent censor would be OK, but censorious attitudes have a history of banning things they don’t set out to ban: from Buñuel’s Viridana to Symantec censoring access to safe-for-work LGBTQ content on public wifi, no-one comes out of it looking good.
Attacks on free speech and free enquiry tend to proceed by ‘salami tactics’ – one slice at a time. And the UK is several large slices in already.
Government and small businesses will lose your private data. Guaranteed
I also don’t think we should be adding to the amount of data government keeps on citizens’ internet use, at least not until they can demonstrate that they won’t leave it on the bus.
And that kind of brings us to the main point.
When you have a lake of data that contains the real IDs of people who watch porn, which sites they visit and when, you have painted a bull’s-eye on millions of people. How confident are you that this lake of data will be adequately protected?
Just look at the leaks of data we’ve seen in the last few years. Yahoo had every single user account comprehensively hacked – and Yahoo is a tech company.
Can we expect better from a government that thinks it doesn’t need to understand things to regulate their use?
In a word: No.
The UK government – like all organizations that routinely collect large amounts of data – is frighteningly cavalier with it, and like most governments in particular, not that competent.
Local data lakes will be held by newsagents – small, mom-and-pop corner stores, often owned by families who run their businesses on dilapidated, decade-old consumer desktops. Considering how trivially easy it is to just roll through the suburbs hacking people’s routers, the government doesn’t even need to screw this up: it can outsource that to small businesses.
So, the question isn’t ‘will it be lost?’ It will be. The question is, when it is, what will that look like? Well, we can imagine the effects on, say, gay people who aren’t out to their families. In some cases lives could be in danger.
And as blackmail fodder it’s priceless. All you’d have to do would be to hack local newsagents in upmarket areas, then scan for those names on LinkedIn, and you have one of the most powerful spearphishing attacks imaginable.
Lives will be lost, millions will be lost, and the government’s response will be to double down on futile, inoperable, dangerous regulations.
Can the ‘porn pass’ be circumvented? Yes
And all of this ignores the obvious: the way you tell where someone is located when they visit a website is by checking their IP address.
Gee, if there was a commonly available tool for disguising IP addresses, that would make this whole exercise futile, dontcha think?