WhatsApp Reportedly Rejected UK Government Demand For Encryption Backdoor

from the under-pressure dept

The UK government has apparently already asked WhatsApp to provide it with an encryption backdoor, according to Sky News. The app developers were told they needed to come up with a way to give law enforcement access to message content but WhatsApp politely declined the probably not-all-that-polite "request."

That doesn't mean WhatsApp doesn't have anything it can give the government when it comes asking.

Sky News understands that WhatsApp co-operates with law enforcement to provide the metadata it does hold - the name of an account, when it was created, the last seen date, the IP address and associated email address.

WhatsApp says it "appreciates the work that law enforcement agencies do to keep people safe around the world. We are prepared to carefully review, validate and respond to law enforcement requests based on applicable law and policy".

But it does point out it can't give law enforcement what it doesn't actually have.

[T]he company argues that it can't provide data that WhatsApp itself does not collect in the first place, including the contents of a message.

Encryption didn't seem to be much of an issue in many recent terrorist attacks, but its use is undoubtedly on the rise. It's unclear what the government showed or told Sky News, but this assertion seems dubious at best.

Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.

As is the case over here, law enforcement officials are arguing WhatsApp and other encrypted message services should sacrifice user security for the good of the government. While cybersecurity experts continue to point out the nonexistence of backdoored-but-secure unicorns, intelligence officials continue to assert it can be done. All that needs to happen is for messaging services to make their products a little bit less safe.

UK intelligence officials believe a compromise could be possible - pointing out that cybersecurity isn't binary and that services offer different levels of cybersecurity to deal with different levels of threats.

WhatsApp is unlikely to budge on its backdoor rejection, leaving it with the real possibility of exiting the UK market if the government turns its requests into encryption-targeting law. And, as the UK goes, so goes Australia. The Australian government has been echoing the anti-encryption rumbling of Theresa May and other officials, indicating it too would like encrypted services to not be quite so encrypted.

It's not as though UK law enforcement/intelligence services don't have lawful options if WhatsApp refuses to budge. As cryptography expert Riana Pfefferkorn points out, there's more that can be done, even if it won't be as easy as firing off a warrant.

Riana Pfefferkorn, a cryptography policy fellow at Stanford University, said she sees a legal battle coming if the UK continues to force the issue, but she doesn't necessarily think the UK wants that fight.

If courts determine that the Investigatory Powers Act is too broad, the public defeat in their fight against encryption would be a lot for the UK to overcome. Instead, Pfefferkorn said the government might just try hacking for the information they want, a power that the IP Act also allows.

"There are other avenues they can take to try to achieve the same end," she said.

For now, WhatsApp message content is still out of reach of everyone but users engaged in conversation. Metadata and lawful hacking are still in play, even though most officials prefer an easier route. If pressure continues to mount, WhatsApp may exit markets rather than compromise its users. As much as intelligence officials may believe cybersecurity to be something other than "binary," the companies they're applying pressure to really only have two choices: give in to the government or exit market left. Neither are palatable options.

Filed Under: backdoors, communications, encryption, uk
Companies: whatsapp

Insanity: Theresa May Says Internet Companies Need To Remove 'Extremist' Content Within 2 Hours

from the a-recipe-for-censorship dept

It's fairly stunning just how much people believe that it's easy for companies to moderate content online. Take, for example, this random dude who assumes its perfectly reasonable for Facebook, Google and Twitter to "manually review all content" on their platforms (and since Google is a search engine, I imagine this means basically all public web content that can be found via its search engine). This is, unfortunately, a complete failure of basic comprehension about the scale of these platforms and how much content flows through them.

Tragically, it's not just random Rons on Twitter with this idea. Ron's tweet was in response to UK Prime Minister Theresa May saying that internet platforms must remove "extremist" content within two hours. This is after the UK's Home Office noted that they see links to "extremist content" remaining online for an average of 36 hours. Frankly, 36 hours seems incredibly low. That's pretty fast for platforms to be able to discover such content, make a thorough analysis of whether or not it truly is "extremist content" and figure out what to do about it. Various laws on takedowns usually have statements about a "reasonable" amount of time to respond -- and while there are rarely set numbers, the general rule of thumb seems to be approximately 24 hours after notice (which is pretty aggressive).

But for May to now be demanding two hours is crazy. It's a recipe for widespread censorship. Already we see lots of false takedowns from these platforms as they try to take down bad content -- we write about them all the time. And when it comes to "extremist" content, things can get particularly ridiculous. A few years back, we wrote about how YouTube took down an account that was documenting atrocities in Syria. And the same thing happened just a month ago, with YouTube deleting evidence of war crimes.

So, May calling for these platforms to take down extremist content in two hours confuses two important things. First, it shows a near total ignorance of the scale of content on these platforms. There is no way possible to actually monitor this stuff. Second, it shows a real ignorance about the whole concept of "extremist" content. There is no clear definition of it, and without a clear definitions wrong decisions will be made. Frequently. Especially if you're not giving the platforms any time to actually investigate. At best, you're going to end up with a system with weak AI flagging certain things, and then low-paid, poorly trained individuals in far off countries making quick decisions.

And since the "penalty" for leaving content up will be severe, the incentives will all push towards taking down the content and censorship. The only pushback against this is the slight embarrassment if someone makes a stink about mistargeted takedowns.
Of course, Theresa May doesn't care about that at all. She's been bleating on censoring the internet to stop terrorists for quite some time now -- and appears willing to use any excuse and make ridiculous demands along the way. It doesn't appear she has any interest in understanding the nature of the problem, as it's much more useful to her to be blaming others for terrorist attacks on her watch, than actually doing anything legitimate to stop them. Censoring the internet isn't a solution, but it allows her to cast blame on foreign companies.

Filed Under: censorship, extremist content, theresa may, uk
Companies: facebook, google, twitter

UK's Terrorism Law Reviewer Says Tech Companies Shouldn't Offer Encryption To Anonymous Users

from the nothing-to-hide,-everything-to-fear dept

Once again, someone's suggesting the best way to combat the spread of terrorist-related communications online is to make the tech companies do it, have them foot the bill, and do it all without being legislated into submission or making impudent comments like "That's not how any of this works."

Traveling beyond the groundwork of "necessary hashtags" and constant threats to bludgeon tech companies into mandatory, worldwide speech policing, the UK's independent reviewer of terrorism laws -- former key terrorism prosecutor Max Hill QC -- suggests the better route lies not through legislation, but through some sort of tech wizardry.

[C]ooperation with tech giants such as Google and Facebook offered the best way forward, including the potential introduction of “verification” checks on social media users.

“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user,” said Mr Hill.

“If the technology would permit that sort of perusal, identification and verification, prior to posting that would form a very good solution… and would not involve wholesale infringement on free speech use of the internet.

“I’m talking about a nano-second.”

Yes, Hill is calling for encryption to be withheld from anonymous or pseudonymous users -- often the very users (dissidents, journalists, whistleblowers) for whom the added protection is key to survival. This pitch takes "nothing to hide/nothing to fear" to its illogical extremes, suggesting protected communications be limited to those who have made their personal information available to tech companies -- who then, in turn, can be forced to hand it over to various governments with a minimum of paperwork.

Hill is correct -- beating tech companies over the head with broadly-written legislative sledgehammers is unlikely to end well. But his "fix" isn't any better. In fact, the thing he thinks can be done in a "nano-second" may not even be possible. And that's by his own admission.

Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.

Something everyone can agree on -- "independent" or not -- is that tech companies should pay for whatever measures they're being forced to undertake for the government.

He added: “The vast sums of money that tech companies generate … means that we should all be looking to those companies to recycle some of those profits into the fight to take down extreme material.”

So, let's attempt to add this all up:

Hill thinks "sledgehammer legislation" would backfire. He also thinks tech companies should be able to flip switches somewhere to encrypt/decrypt communications as needed (million-dollar switches perhaps, but "recycle" those "profits!"). He also concedes no one has said these "nano-second" switch flips are actually possible. Finally, he believes tech companies will implement these measures and pay for them without being forced to by "sledgehammer legislation."

Hill has assembled a handful of logical flaws and presented them as a plan -- one whose impossibilities can be surmounted if everyone involved just talks about it for awhile. These are the words of a former prosecutor who has mistaken daydreaming out loud with acting as an independent overseer of terrorism-related legislation.

Filed Under: anonymity, encryption, going dark, identification, max hill, privacy, uk

UK Police Test Facial Recognition Tech At Carnival, Rack Up 35 Bogus 'Hits' And One Wrongful Arrest

from the in-the-land-of-the-no-eyed-cop,-the-civil-liberties-barrister-is-king dept

UK law enforcement has proudly been using facial recognition for tech for a few years now. As is the case with any new law enforcement tech advancement, it's being deployed as broadly as possible with as little oversight as agencies can get away with.

As of 2015, UK law enforcement had 18 million faces stashed away in its databases. Presumably, the database did not contain 18 million criminals and their mugshots. Concerns were raised but waved away with promises to put policies in place at some point in the future and with grandiose claims of 100% reliability. The latter, naturally, came from the police inspector who headed the facial recognition department. Caveat: this had only been tested on a limited set using "clear images."

What works well in theory and/or with limited datasets doesn't work especially well in practice. Here's how things went down when the facial recognition program was deployed in the wild.

The controversial trial of facial recognition equipment at Notting Hill Carnival resulted in roughly 35 false matches and an erroneous arrest, highlighting questions about police use of the technology.

The system only produced a single accurate match during the course of Carnival, but the individual had already been processed by the justice system and was erroneously included on the suspect database.

Yeah, that's going to keep UK citizens from being menaced by terrorists, drug dealers, and whatever else was cited to keep the facial recognition program from being derailed by concerned legislators and citizens. And, while the tech was busy failing to do its job, a few thousand photos of people engaged in nothing more than being criminally underdressed were added to the pot of randomly-drawn faces for the next round of facial recognition roulette.

Supposedly, this was a trial run. The false positives were apparently derived from a list of suspects' faces wanted on rioting-related charges. Fortunately, those who were approached by officers as the result of bogus tech tip-offs had their identification documents on them. Nothing in the law requires you to carry them wherever you go, but if the law's going to use tech as faulty as this, it may as well be a criminal offense to leave home without them. You're going to get rung up -- at least temporarily -- if you can't prove you aren't who the software says you are.

Undeterred by this resounding lack of success, the Metropolitan police are planning to test the software again. This will give another set of UK citizens the chance to be wrongfully arrested at some point in the near future. Until the bugs are worked out -- which means violating the rights and freedoms of UK citizens during the beta testing phase -- UK law enforcement facial recognition tech will still be remembered as the thing that caught that shoplifter that one time.

Filed Under: facial recognition, surveillance, uk

Repeal All UK Terrorism Laws, Says UK Government Adviser On Terrorism Laws

from the outbreak-of-sanity dept

It's become a depressingly predictable spectacle over the years, as politicians, law enforcement officials and spy chiefs take turns to warn about the threat of "going dark", and to call for yet more tough new laws, regardless of the fact that they won't help. So it comes as something of shock to read that the UK government's own adviser on terrorism laws has just said the following in an interview:

The Government should consider abolishing all anti-terror laws as they are "unnecessary" in the fight against extremists, the barrister tasked with reviewing Britain’s terrorism legislation has said.

…

the Independent Reviewer of Terrorism Legislation, argued potential jihadis can be stopped with existing "general" laws that are not always being used effectively to take threats off the streets.

As the Independent reported, the UK government's Independent Reviewer of Terrorism Legislation, Max Hill, went on:

"We should not legislate in haste, we should not use the mantra of 'something has to be done' as an excuse for creating new laws," he added. “We should make use of what we have."

Aside from the astonishingly sensible nature of Hill's comments, the interview is also worth reading for the insight it provides into the changing nature of terrorism, at least in Europe:

Mr Hill noted that some of the perpetrators of the four recent terror attacks to hit the UK were previously "operating at a low level of criminality", adding: "I think that people like that should be stopped wherever possible, indicted using whatever legislation, and brought to court."

This emerging "crime-terror nexus" is one reason why anti-terrorism laws are unnecessary. Instead, non-terrorism legislation could be used to tackle what Hill termed "precursor criminality" -- general criminal activity committed by individuals who could be stopped and prosecuted before they move into terrorism. Similarly, it would be possible to use laws against murder and making explosive devices to hand down sentences for terrorists, made harsher to reflect the seriousness of the crimes.

Even though Hill himself doubts that the UK's terrorism laws will be repealed any time soon, his views are still important. Taken in conjunction with the former head of GCHQ saying recently that end-to-end encryption shouldn't be weakened, they form a more rational counterpoint to the ill-informed calls for more laws and less crypto.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: extremism, max hill, terrorism, terrorism laws, uk

GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There

from the so-much-for-those-'flight-risk'-fears dept

It looks like the UK found an easy way to avoid another lengthy extradition battle. Its intelligence agency, GCHQ, knew something security research Marcus Hutchins didn't -- and certainly didn't feel obliged to tell him. Not only that, but it let a criminal suspect fly out of the country with zero pre-flight vetting. (Caution: registration wall ahead.)

Officials at the intelligence agency knew that Marcus Hutchins, from Devon, who was hailed as a hero for helping the NHS, would be walking into a trap when he flew to the US in July for a cyber-conference.

Hutchins’s arrest by the FBI on August 2 while he was returning from Las Vegas freed the British government from the “headache of an extradition battle” with their closest ally, say sources familiar with the case.

Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond, but there's something a bit mean-spirited about allowing a UK citizen to walk into custody in another country. And as for the "headache," too bad. That's just part of the deal when you make promises to other countries you'll ship them your citizens to face an uphill battle in an unfamiliar judicial system while facing charges for laws that may not apply the same way -- or as harshly -- at home.

This is even more disconcerting when it was Hutchins who was instrumental in killing off the WannaCry ransomware that wreaked havoc pretty much everywhere earlier this year. In gratitude for his efforts, a few publications outed the person behind the "MalwareTech" pseudonym, which probably made it a bit easier to tie Hutchins to various online personas.

As Marcy Wheeler pointed out on Twitter, it works out pretty well for the UK. It gets to outsource its prosecutions to a nation where punishments for malicious hacking are much, much higher. It also gets to dodge the publicity black eye of handing over its (inadvertent) WannaCry hero to the feds and their threat of a few decades in jail. It also suggests the Five Eyes partnership is paying off in questionable ways and, sooner or later, it's going to be an American citizen walking into the same sort of trap overseas.

Filed Under: doj, extradition, fbi, gchq, malwaretech, marcus hutchins, uk

Company Storing Families' Personal Data Blocks Users/Researchers Informing It Of A Security Flaw

from the blockchain,-but-for-ignoring-your-problems dept

It must be repeated over and over: people who discover security flaws and report them are not the enemy. And yet, company after company after company treat security researchers and concerned users like criminals, threatening them with lawsuits and arrests rather than thanking them for bringing the issue to their attention.

Kids Pass -- a UK company providing discounts for families attending restaurants, theaters, and amusement parks -- had a problem. Any user could access any other user's personal information just by altering numbers linked to user IDs in the URL. A concerned user told security researcher Troy Hunt about the flaw. (via Boing Boing)

[J]ust this weekend I had a Twitter follower reach out via DM looking for advice on how to proceed with a risk he'd discovered when signing up to Kids Pass in the UK, a service designed to give families discounts in various locations across the country. What he'd found was the simplest of issues and one which is very well known - insecure direct object references. In fact, that link shows it's number 4 in the top 10 web application security risks and it's so high because it's easy to detect and easy to exploit. How easy? Well, can you count? Good, you can hack! Because that's all it amounted to, simply changing a short number in the URL.

Here's the example the user passed on to Hunt:

Hunt told the user to stop doing anything -- including accessing other users' information -- and immediately inform the company. The user did as instructed, contacting the company via Twitter direct message. Shortly thereafter, the user informed Hunt Kids Pass had blocked him on Twitter.

Hunt then made an attempt to speak to someone at Kids Pass… only to find out he had been blocked as well, most likely for having the gall to retweet the concerned user's message about the security flaw.

The responsible, ethical approach -- notifying a company of a security flaw as soon as possible -- was being treated like some sort of trollish attack on Kids Pass' Twitter account. From all appearances, the company simply wanted everyone to shut up about the flaw, rather than address the concerns raised by userw.

It was only after Hunt asked his followers to contact the company on his behalf that Kids Pass finally unblocked him and told everyone the "IT department was looking at it."

The belated reaction doesn't make up for the initial reaction. And Kids Pass has shown it has little interest in addressing security flaws until the problem becomes too public to ignore. Hunt points to a blog post by another security researcher who informed Kids Pass last December about its insecure system -- including the fact it sent forgotten passwords in plaintext via email to users. He heard nothing back, finally publishing his discoveries in July.

If you want people to be good web citizens and report breaches and flaws, you can't treat them like irritants or criminals when they do. Securing users' personal info is extremely important, but some companies seem to feel they should be able to handle it however they want and mute/sue/arrest those who point out how badly-flawed their systems are.

Filed Under: security, shooting the messenger, troy hunt, uk, vulnerability
Companies: kids pass

UK Home Secretary Doesn't Want Backdoors; She Just Wants Companies To Stop Offering Encryption Because No One Wants It

from the insanity-plea dept

UK Home Secretary Amber Rudd, perhaps now most famously known for not knowing the "necessary hashtags," is back to beating up on encryption because it (no citation provided) helps terrorists get away with terrorism. Her op-ed piece for The Telegraph begins as so many pleas to undermine encryption do: with the horrors perpetrated by terrorists. Only now, the parade of horrors tends to sound something like a "CSI: Cyber" exposition outtake.

Nearly every plot we uncover has a digital element to it. Go online and you will find your own “do-it-yourself” jihad at the click of a mouse. The tentacles of Daesh (Isil) recruiters in Syria reach back to the laptops in the bedrooms of boys – and increasingly girls – in our towns and cities up and down the country. The purveyors of far-Right extremism pump out their brand of hate across the globe, without ever leaving home.

The scale of what is happening cannot be downplayed. Before he mowed down the innocents on Westminster Bridge and stabbed Pc Keith Palmer, Khalid Masood is thought to have watched extremist videos. Daesh claim to have created 11,000 new social media accounts in May alone. Our analysis shows that three-quarters of Daesh propaganda stories are shared within the first three hours of release – an hour quicker than a year ago.

An hour quicker! In internet time, that's practically a millennium. It's tough to tell what Rudd's attempting to make of this technobabble. Is she suggesting future Masoods will act quicker because they'll be able to complete their viewing of extremist videos faster? If that's the case, maybe regulators need to step in and throttle broadband connections. The more the video buffers, the less likely it is someone will watch it… and the less likely it is someone will carry out an attack. The math(s) work out.

Unfortunately, this is not where the op-ed is heading. Sadly, Rudd is here to take a swing at encryption. But she takes a swing at it in prime passive-aggressive, Ike Turner-style, saying she loves it even as the blows rain home.

Encryption plays a fundamental role in protecting us all online. It is key to growing the digital economy, and delivering public services online.

I ain't mad at ya.

But, like many powerful technologies, encrypted services are used and abused by a small minority of people. The particular challenge is around so called “end-to-end” encryption, where even the service provider cannot see the content of a communication.

But you mess me up so much inside.

To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption. But the inability to gain access to encrypted data in specific and targeted instances – even with a warrant signed by a Secretary of State and a senior judge – is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.

In a fun twist, Rudd doesn't call for harder nerding. (Note: Rudd is visiting Silicon Valley to meet with tech leaders, so it's safe to assume requests for harder nerding will be made, even if not directly in this op-ed.)

No, Rudd doesn't want the impossible: secure, backdoored encryption. Instead, she wants to know if tech companies will just take the encryption off one end of the end-to-end. Her bolstering argument? The public doesn't give a shit about encryption. It just wants easy-to-use communication tools.

Real people often prefer ease of use and a multitude of features to perfect, unbreakable security. So this is not about asking the companies to break encryption or create so called “back doors”. Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? Companies are constantly making trade-offs between security and “usability”, and it is here where our experts believe opportunities may lie.

Having set up her straw app user, Rudd moves towards her conclusion… which is severely lacking in anything cohesive or coherent. The "opportunities" lie in persuading tech companies to provide users with less secure communications platforms. Should be an easy sale, especially if the average user doesn't care about security. But maybe the company does and doesn't want to give bad people an easy way to access the communications of others. Hence encryption. Hence end-to-end, so even if the provider is breached, there's still nothing to access.

What Rudd is looking for can't be called a trade-off. The government has nothing tech companies want. All they can offer is platitudes about fighting crime and national security. The government, meanwhile, wants tech companies to write software the way the government wants it, rather than how the company or its users want it. That's not a trade-off. That's a one-way street where every internet communication platform becomes a proxy government agency.

Rudd's idea is bad and she should feel bad. But I get the feeling that no matter how many tech experts she talks to, she's still going to believe her way is the right and best way.

Filed Under: amber rudd, backdoors, encryption, fud, terrorism, uk

UK WiFi Company Uses Overlong TOS To Trick Hotspot Users Into Cleaning Toilets, Hugging Stray Cats

from the sign-your-life-away dept

So we've talked for years about how overlong terms of service contracts that nobody reads are used to eliminate your rights in numerous ways. That includes stripping away your legal rights and forcing you to engage in binding arbitration, which results in the company-employed arbitrator ruling in their employer's favor a vast majority of the time. In fact Tim Berners-Lee, the creator of the World Wide Web, recently cited these overlong and misleading contracts as one of the biggest threats to the health and utility of his invention.

Every so often we'll see a company conduct an experiment to demonstrate the stupidity of long-normalized behavior, like the company in 2010 that got users to sign off on selling their soul. Taking a cue out of that playbook, UK WiFi hotspot operator Purple recently did something similar, burying a provision in their terms of service requiring that customers engage in 1,000 hours of menial labor if they wanted to access the internet.

Purple currently provides hotspot connectivity to Legoland, Outback Steakhouse and Pizza Express, and stated in a blog post that they provided patrons with a wonderful array of possibilities in terms of how to pay down their community service time, including:

The company says it ultimately found that over 22,000 users blindly signed off on the requirement during the two week period during which the experiment was conducted. It should go without saying that they won't be enforcing the rules, but wanted to simply get a little free press while highlighting the stupidity of overlong TOS. Impressively, they note that during the two-week trial, just one user actually noticed what he was signing off on:

"Don’t worry, we aren’t going to round up these individuals and ask them to don their rubber gloves and repay the community debt. The real reason behind our experiment is to highlight the lack of consumer awareness when signing up to use free WiFi. All users were given the chance to flag up the questionable clause in return for a prize, but remarkably only one individual, which is 0.000045% of all WiFi users throughout the whole two-weeks, managed to spot it."

While these pranks go a long way in highlighting the problem, there's few if any real efforts to actually do much of anything about it. We desperately need simpler, cleaner terms of service updated for the digital age, but since companies adore using these lengthy, confusing contracts to protect themselves, hamstring your product ownership rights and make additional revenue, nothing much ever changes.

Filed Under: hotspots, terms of service, tos, uk, wifi
Companies: purple

Sex History Educational Site Wants To Know If It's Going To Be Bricked Up Behind UK's Porn Wall

from the are-you-old-enough-to-LEARN? dept

As the UK's porn filter move from "voluntold" to mandatory, questions are being raised (again) about the potential for overblocking. As is the case with any filtering system, things that should be allowed to go through sometimes end up caught in the netting.

In addition to the opt-out porn filtering system in place at UK internet service providers, the government is also demanding any site that meets its vague definition of pornographic verify users' ages before allowing them access. This will apparently be tied to credit cards and/or mobile phones, so the government can strip porn viewers of anonymity it will be slightly more difficult for the under-18 crowd to avail themselves of over-18 web goodies. (But not really.)

Because the blockaded content is so vaguely defined, education sites -- like the Whores of Yore site -- are likely to end up on the government's ID-please naughty list.

Whores of Yore is a website, run by academic Kate Lister, which describes itself as follows: “We are proudly sex-positive. An inter-disciplinary, pro-sex worker rights hub, dedicated to exploring the history of human sexuality and challenging shame and stigma.”

The site is slightly NSFW but not really the sort of thing that should be targeted when targeting porn. Unfortunately, the UK government prefers shotguns to sniper rifles and is apparently comfortable with collateral damage. The provision -- tied up with lots of other stupid/bad stuff in the Digital Economy Act -- says anything covered the government's R18 and 18 certificates (roughly XXX and R-rated, respectively) will need to be blocked with a government-ordained registration wall. Harder porn is covered by the R18. The 18 certification covers simple things like nudity, if the government decides the content is "titillating."

There certainly are some titillating things at Whores of Yore, but there's also a great deal of educational material. Concerned her site might be blocked, Lister asked the blocking government body directly for its view on her site's content. Results were inconclusive.

So Kate contacted the BBFC, the UK’s soon-to-be Internet censor with a simple question: will she be a criminal, and will her site be blocked, under the new regime? After all, these rules are set to become law within a few months, and have been under discussion for years. Predictably, the BBFC responded to say they simply can’t answer:

“Work in this area has not yet begun and so we are not in a position to advice [sic] you on your website. Pages 23 and 24 of our Classification Guidelines detail the standards applied when classifying sex works at 18 and R18 however and may be of interest to you.”

In other words, the censoring agency has no idea. It simply asks questioners to read the same guidelines it will apparently be enforcing. As Lister says, reading the guidelines in hopes of finding clear delineations in content regulation is "about as useful as a chocolate dildo." Given this non-response, it's safe to assume when the blockade goes live, writers might need to search for less titillating metaphors if they're not behind an age verification wall.

Filed Under: porn, porn filter, porn wall, sex education, uk, websites