LONDON – On your marks, get set…. wait indefinitely.

That’s the position adult businesses, website operators and site users find themselves in with respect to the UK’s new age-verification requirements under the Digital Economy Act, after the UK government revealed it is delaying implementation of compulsory age-verification checks for online porn users until sometime later this year.

In a statement entitled “£25m for 5G projects on the anniversary of the UK’s Digital Strategy” released earlier this month by the Department for Digital, Culture, Media & Sport (DDCMS) and MP Margot James, the government reaffirmed its “ambition to make the internet safer for children by requiring age verification for access to commercial pornographic websites in the UK,” an effort of which the new age-verification system is to be a part.

After noting that the British Board of Film Classification (BBFC) was “formally designated as the age verification regulator” in February, the statement implied more time was needed for the BBFC to craft and refine its regulatory scheme.

“Our priority is to make the internet safer for children and we believe this is best achieved by taking time to get the implementation of the policy right,” the DDCMS said in its statement. “We will therefore allow time for the BBFC as regulator to undertake a public consultation on its draft guidance which will be launched later this month.”

“For the public and the industry to prepare for and comply with age verification, the Government will also ensure a period of up to three months after the BBFC guidance has been cleared by Parliament before the law comes into force,” the statement continued. “It is anticipated age verification will be enforceable by the end of the year.”

It’s a delay critics and supporters of the age-verification measures appear to agree is needed.

“We need to take the time to make sure we get it right,” an unidentified spokesperson for the DDCMS told the BBC.

“This is a chance for the government to rethink the absence of safeguards for privacy and security, but it is frightening to consider that this policy was two weeks away from launch before it was pulled,” said Myles Jackman, the legal director for the Open Rights Group said in a statement released by the ORG. “Matt Hancock needs to introduce powers to safeguard privacy immediately before this scheme causes real damage.”

While the delay will afford officials more opportunity to think through the nature and structure of the age-verification requirements, it won’t change the fundamental challenge of confirming the identity and age of web users while simultaneously maintaining those users’ privacy and preventing inappropriate access to personally identifying information.

The challenges of verifying the age of someone who is not physically present is something all manner of companies and organizations who have need to do so have been struggling with for years. Numerous government and private industry task forces have considered the subject over the years, and all have come to some version of the same conclusion: There is no quick fix, no failsafe approach and no foolproof system for reliably identifying remote users and confirming their age.

Nine years after the publication of the final report of the Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States (“ISTTF” for short), the fundamental issue remains the same one which has persistently stumped technologists, legislators and policy-makers since the commercial internet first became viable.

“Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness,” the ISTTF wrote in its 2009 report. “Any system that relies on remote verification of information has potential for inaccuracies…. on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s. Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records. Any system that focuses on third-party in-person verification would require significant political backing and social acceptance. Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.”

If these points sound familiar, it’s because critics of the UK’s pending age-verification requirements (not to mention critics of every similar notion proposed in the U.S.) have been making similar points since debate of this aspect of the Digital Economy Act first kicked up.

Can the BBFC and those consulting with them come up with a system which addresses all these concerns?

The answer, more likely than not, is going to be no. Unfortunately, since the UK has committed to establishing some sort of age-verification system, such a system will be implemented – imperfections and all.

Bar Code Image © BSK