Posts Tagged ‘BBFC’

Read more bw.htm at MelonFarmers.co.uk

womens aid logo The campaign group Women’s Aid is working with the BBFC on a consultation with victims of domestic abuse about how scenes of domestic abuse are classified and the warnings we see before we watch scenes of domestic abuse.The BBFC will be working with a research company and Women’s Aid to set up focus groups in London and Manchester to discuss the issues raised by a variety of film and media content. Participants will be asked to view three or four feature films, in advance of attending the focus groups, and will then discuss those films as well as some supplementary clips.

The research will be conducted by an independent market research company called Goldstone Perl Research. The focus groups will take place in January.

Advertisements
Read more latest.htm at MelonFarmers.co.uk

joker poster Joker is a 2019 USA crime thriller by Todd Phillips.
Starring Robert De Niro, Joaquin Phoenix and Marc Maron. BBFC link IMDb

Joker centers around an origin of the iconic arch nemesis and is an original, standalone story not seen before on the big screen. Todd Phillips’ exploration of Arthur Fleck (Joaquin Phoenix), a man disregarded by society, is not only a gritty character study, but also a broader cautionary tale.

After a fair amount of speculation about the BBFC rating, brought on in part because of the belated publication, the BBFC have announced that the cinema release will be 15 uncut for strong bloody violence, language.Prior speculation was that maybe the MPAA R rated film would be BBFC 18 rated or maybe the delay was caused by Warner Brothers was commissioning cuts for a 15 rating.

It seems strange that the BBFC seems OK with cinema films in particular getting rated only a few days before release. Surely many people will therefore be making decisions, or even booking seats, before they are made aware of the rating. It probably leads to a few cinema goers watching films that they, or maybe their parents, may have felt unsuitable if they had but known.

BBFC reveals new rating symbols

Posted: 12 September, 2019 in BBFC, Uncategorized
Tags: ,
Read more bw.htm at MelonFarmers.co.uk

bbfc symbols 2020 New age rating symbols come into effect for theatrical and VOD services on 31 October 2019.For packaged media, introducing the new symbols requires changes to the relevant piece of secondary legislation, the Video Recordings Act (Labelling) Regulations 2012. It is expected that the necessary changes to legislation will be made in time for the new symbols to be used on packaged media starting from 6 April 2020.

Presumably the change is basically to simplify the background so that the symbols can display better on small screens. There is also two distinct colour changes:

  • The video 12 rating changes from red to orange to match the orange 12A symbol for theatrical releases.
  • The 15 certificate changes from red to pink. This matches the Irish theatrical !5A symbol, so perhaps there is some future unification there. Many films have a joint video distribution in the UK and Ireland but for the moment the IFCO video symbols are very different.
IFCO Theatrical symbols ifco 12 15A !FCO 18 cinema
Read more uk_internet_censors.htm at MelonFarmers.co.uk
ICO’s Data Protection Training
The Pavlov Method
nodding dog
 ☑  Yes I won’t read this message. and yes you can do what the fuck you like with my porn browsing data
 ☑  Yes please do, I waiver all my GDPR rights
 ☑  Yes I won’t read this message. and yes, feel free to blackmail me
 ☑  Yes you can do anything you like ‘to make my viewing experience better’
 ☑  Yes, no need to ask, I’ll tick anything

Digital Minister Margot James has apologised for the six-month delay on the so-called porn block, which had been due to take effect today (16th July). It is designed to force pornography websites to verify users are over 18.

But the law has been delayed twice – most recently because the UK government failed to properly notify European regulators. James told the BBC:

I’m extremely sorry that there has been a delay. I know it sounds incompetent. Mistakes do happen, and I’m terribly sorry that it happened in such an important area,

Of course the fundamental mistake is that the incompetent lawmakers cared only about ‘protecting the children’ and gave bugger all consideration to the resulting endangerment of the adults visiting porn sites.

It took the government months, but it finally started to dawn on them that perhaps they should do something to protect the identity data that they are forcing porn users to hand over that can then be pinned to their porn browsing history. They probably still didn’t care about porn users but perhaps realised that the scheme would not get of the ground if it proved so toxic that no one would ever sign up for age verification at all.

Well as a belated after thought the government, BBFC and ICO went away to dream up a few standards that perhaps the age verifiers ought to be sticking to try and ensure that data is being kept safe.

So then the whole law ended up as a bag of worms. The authorities now realise that there should be level of data protection, but unfortunately this is not actually backed up by the law that was actually passed. So now the data protection standards suggested by the government/BBFC/ICO are only voluntary and there remains nothing in law to require the data actually be kept safe. And there is no recourse against anyone who ends up exploiting people’s data.

The Open Rights Group have just written an open letter to the government to ask that government to change their flawed law and actually require that porn users’ data is kept properly safe:

The Rt Hon Jeremy Wright QC MP Secretary of State for Digital, Culture, Media and Sport

Re: BBFC Age Verification Privacy Certification Scheme

Dear Secretary of State,

open rights group 2016 logo We write to ask you to legislate without delay to place a statutory requirement on the British Board of Film Classification (BBFC) to make their privacy certification scheme for age verification providers mandatory. Legislation is also needed to grant the BBFC powers to require compliance reports and penalise non-compliant providers.

As presently constituted, the BBFC certification scheme will be a disaster. Our analysis report, attached, shows that rather than setting out objective privacy safeguards to which companies must adhere, the scheme allows companies to set their own rules and then demonstrate that these are being followed. There are no penalties for providers which sign up to the standard and then fail to meet its requirements.

The broadly-drafted, voluntary scheme encourages a race to the bottom on privacy protection. It provides no consistent guarantees for consumers about how their personal data will be safeguarded and puts millions of British citizens at serious risk of fraud, blackmail or devastating sexual exposure.

The BBFC standard was only published in April. Some age verification providers have admitted that they are not ready. Others have stated that for commercial reasons they will not engage with the scheme. This means that the bureaucratic delay to age verification’s roll-out can now be turned to advantage. The Government needs to use this delay to introduce legislation, or at the least issue guidance under section 27 of the Digital Economy Act 2017, that will ensure the privacy and security of online users is protected.

We welcome the opportunity to bring this issue to your attention and await your response.

Yours sincerely,

Jim Killock Executive Director Open Rights Group

Read more uk_internet_censors.htm at MelonFarmers.co.uk

dogital policy alliance logo The AV industry is not yet ready The Digital Policy Alliance (DPA) is a private lobby group connecting digital industries with Parliament. Its industry members include both Age Verification (AV) providers, eg OCL, and adult entertainment, eg Portland TV.

Just before the Government announcement that the commencement of adult verification requirements for porn websites would be delayed, the DPA wrote a letter explaining that the industry was not yet ready to implement AV, and had asked for a 3 month delay.

The letter is unpublished but fragments of it have been reported in news reports about AV.

The Telegraph reported:

The Digital Policy Alliance called for the scheme to be delayed or risk nefarious companies using this opportunity to harvest and manipulate user data.

The strongly-worded document complains that the timing is very tight, a fact that has put some AVPs [age verification providers] and adult entertainment providers in a very difficult situation.

It warns that unless the scheme is delayed there will be less protection for public data, as it appears that there is an intention for uncertified providers to use this opportunity to harvest and manipulate user data.

The AV industry is  unimpressed by a 6 month delay

See article from news.sky.com

Rowland Manthorpe from Sky News contributed a few interesting snippets too. He noted that the AVPs were unsurprisingly not pleased by the government delay:

Serge Acker, chief executive of OCL, which provides privacy-protecting porn passes for purchase at newsagents, told Sky News: As a business, we have been gearing up to get our solution ready for July 15th and we, alongside many other businesses, could potentially now be being endangered if the government continues with its attitude towards these delays.

Not only does it make the government look foolish, but it’s starting to make companies like ours look it too, as we all wait expectantly for plans that are only being kicked further down the road.

There are still issues with how the AV providers can make money

And interestingly Manthorpe revealed in the accompanying video news report that the AV providers were also distinctly unimpressed by the BBFC stipulating that certified AV providers must not use Identity Data provided by porn users for any other purpose than verifying age. The sensible idea being that the data should not be made available for the the likes of targeted advertising. And one particular example of prohibited data re-use has caused particular problems, namely that ID data should not be used to sign people up for digital wallets.

Now AV providers have got to be able to generate their revenue somehow. Some have proposed selling AV cards in newsagents for about £10, but others had been planning on using AV to generate a customer base for their digital wallet schemes.

So it seems that there are still quite a few fundamental issues that have not yet been resolved in how the AV providers get their cut.
Some AV providers would rather not sign up to BBFC accreditation

See article from adultwebmasters.org

Maybe these issues with BBFC AV accreditation requirements are behind a move to use an alternative standard. An AV provider called VeriMe has announced that it has the first AV company to receive a PAS1296 certification.

The PAS1296 was developed between the British Standards Institution and the Age Check Certification Scheme (ACCS). It stands for Public Accessible Specification and is designed to define good practice standards for a product, service or process. The standard was also championed by the Digital Policy Alliance.

Rudd Apsey, the director of VeriMe said:

The PAS1296 certification augments the voluntary standards outlined by the BBFC, which don’t address how third-party websites handle consumer data, Apsey added. We believe it fills those gaps and is confirmation that VeriMe is indeed leading the world in the development and implementation of age verification technology and setting best practice standards for the industry.

We are incredibly proud to be the first company to receive the standard and want consumers and service providers to know that come the July 15 roll out date, they can trust VeriMe’s systems to provide the most robust solution for age verification.

This is not a very convincing argument as PAS1296 is not available for customers to read, (unless they pay about 120 quid for the privilege). At least the BBFC standard can be read by anyone for free, and they can then make up their own minds as to whether their porn browsing history and ID data is safe.

However it does seem that some companies at least are planning to give the BBFC accreditation scheme a miss.
The BBFC standard fails to provide safety for porn users data anyway.

See article from medium.com

The AV company 18+ takes issue with the BBFC accreditation standard, noting that it allows AV providers to dangerously log people’s porn browsing history:

Here’s the problem with the design of most age verification systems: when a UK user visits an adult website, most solutions will present the user with an inline frame displaying the age verifier’s website or the user will be redirected to the age verifier’s website. Once on the age verifier’s website, the user will enter his or her credentials. In most cases, the user must create an account with the age verifier, and on subsequent visits to the adult website, the user will enter his account details on the age verifier’s website (i.e., username and password). At this point in the process, the age verifier will validate the user and, if the age verifier has a record the user being at least age 18, will redirect the user back to the adult website. The age verification system will transmit to the adult website whether the user is at least age 18 but will not transmit the identity of the user.

The flaw with this design from a user privacy perspective is obvious: the age verification website will know the websites the user visits. In fact, the age verification provider obtains quite a nice log of the digital habits of each user. To be fair, most age verifiers claim they will delete this data. However, a truly privacy first design would ensure the data never gets generated in the first place because logs can inadvertently be kept, hacked, leaked, or policies might change in the future. We viewed this risk to be unacceptable, so we set about building a better system.

Almost all age verification solutions set to roll out in July 2019 do not provide two-way anonymity for both the age verifier and the adult website, meaning, there remains some log of?204?or potential to log — which adult websites a UK based user visits.

In fact one AV provider revealed that up until recently the government demanded that AV providers keep a log of people’s porn browsing history and it was a bit of a late concession to practicality that companies were able to opt out if they wanted.

Note that the logging capability is kindly hidden by the BBFC by passing it off as being used for only as long as is necessary for fraud prevention. Of course that is just smoke and mirrors, fraud, presumably meaning that passcodes could be given or sold to others, could happen anytime that an age verification scheme is in use, and the time restriction specified by the BBFC may as well be forever.

Read more uk_internet_censors.htm at MelonFarmers.co.uk

av security standard analysis 2 Executive Summary

The BBFC’s Age-verification Certificate Standard (“the Standard”) for providers of age verification services, published in April 2019, fails to meet adequate standards of cyber security and data protection and is of little use for consumers reliant on these providers to access adult content online.

This document analyses the Standard and certification scheme and makes recommendations for improvement and remediation. It sub-divides generally into two types of concern: operational issues (the need for a statutory basis, problems caused by the short implementation time and the lack of value the scheme provides to consumers), and substantive issues (seven problems with the content as presently drafted).

The fact that the scheme is voluntary leaves the BBFC powerless to fine or otherwise discipline providers that fail to protect people’s data, and makes it tricky for consumers to distinguish between trustworthy and untrustworthy providers. In our view, the government must legislate without delay to place a statutory requirement on the BBFC to implement a mandatory certification scheme and to grant the BBFC powers to require reports and penalise non-compliant providers.

The Standard’s existence shows that the BBFC considers robust protection of age verification data to be of critical importance. However, in both substance and operation the Standard fails to deliver this protection. The scheme allows commercial age verification providers to write their own privacy and security frameworks, reducing the BBFC’s role to checking whether commercial entities follow their own rules rather than requiring them to work to a mandated set of common standards. The result is uncertainty for Internet users, who are inconsistently protected and have no way to tell which companies they can trust.

Even within its voluntary approach, the BBFC gives providers little guidance to providers as to what their privacy and security frameworks should contain. Guidance on security, encryption, pseudonymisation, and data retention is vague and imprecise, and often refers to generic “industry standards” without explanation. The supplementary Programme Guide, to which the Standard refers readers, remains unpublished, critically undermining the scheme’s transparency and accountability.

Recommendations

  • Grant the BBFC statutory powers:

  • The BBFC Standard should be substantively revised to set out comprehensive and concrete standards for handling highly sensitive age verification data.

  • The government should legislate to grant the BBFC statutory power to mandate compliance.

  • The government should enable the BBFC to require remedial action or apply financial penalties for non-compliance.

  • The BBFC should be given statutory powers to require annual compliance reports from providers and fine those who sign up to the certification scheme but later violate its requirements.

  • The Information Commissioner should oversee the BBFC’s age verification certification scheme

Delay implementation and enforcement:

Delay implementation and enforcement of age verification until both (a) a statutory standard of data privacy and security is in place, and (b) that standard has been implemented by providers.

Improve the scheme content:

Even if the BBFC certification scheme remains voluntary, the Standard should at least contain a definitive set of precisely delineated objectives that age verification providers must meet in order to say that they process identity data securely.

Improve communication with the public:

Where a provider’s certification is revoked, the BBFC should issue press releases and ensure consumers are individually notified at login.

The results of all penetration tests should be provided to the BBFC, which must publish details of the framework it uses to evaluate test results, and publish annual trends in results.

Strengthen data protection requirements:

Data minimisation should be an enforceable statutory requirement for all registered age verification providers.

The Standard should outline specific and very limited circumstances under which it’s acceptable to retain logs for fraud prevention purposes. It should also specify a hard limit on the length of time logs may be kept.

The Standard should set out a clear, strict and enforceable set of policies to describe exactly how providers should “pseudonymise” or “deidentify” data.

Providers that no longer meet the Standard should be required to provide the BBFC with evidence that they have destroyed all the user data they collected while supposedly compliant.

The BBFC should prepare a standardised data protection risk assessment framework against which all age verification providers will test their systems. Providers should limit bespoke risk assessments to their specific technological implementation.

Strengthen security, testing, and encryption requirements:

Providers should be required to undertake regular internal and external vulnerability scanning and a penetration test at least every six months, followed by a supervised remediation programme to correct any discovered vulnerabilities.

Providers should be required to conduct penetration tests after any significant application or infrastructure change.

Providers should be required to use a comprehensive and specific testing standard. CBEST or GBEST could serve as guides for the BBFC to develop an industry-specific framework.

The BBFC should build on already-established strong security frameworks, such as the Center for Internet Security Cyber Controls and Resources, the NIST Cyber Security Framework, or Cyber Essentials Plus.

At a bare minimum, the Standard should specify a list of cryptographic protocols which are not adequate for certification.

Read more bw.htm at MelonFarmers.co.uk

Red Sparrow DVD The BBFC reports on its complaints received in its annual report. And 2018 saw a bumper crop (relative to previous years. The BBFC wrote:

In 2018 we received 364 complaints covering 101 films and 67 complaints covering 24 trailers. The majority of these were from people who had attended the cinema or viewed films at home. However, we also received a number of complaints inspired by news reports, online blogs and organised campaigns.

The top films attracting complaints were:

Red Sparrow

Red Sparrow attracted 64 complaints. All correspondents felt that we should have classified the film at 18 instead of 15 because of elements of violence and sexual violence in the film.

Peter Rabbit

Fifty people contacted us about Peter Rabbit, a film featuring animated rabbits and based on the stories of Beatrix Potter. Four people complained about violence and upsetting scenes but the majority complained about a scene in which the rabbits pelt their adversary, an adult man, with fruit in order to defend themselves from his attack and provoke an allergic reaction. Complainants felt that this was unacceptable at PG because it might be emulated by children.

We received complaints about the allergic reaction before the film was released in the UK in response to press coverage that started in the US. We received no complaints about this scene after the film was released.

A Northern Soul

We classified the film 15 because of around 20 uses of strong language. While the language in the film is not used aggressively or sexually, our research suggests that a significant proportion of parents are concerned about the normalisation of such language in films. The language in A Northern Soul, is used casually in conversations, across a relatively short feature (75 minutes), with no particular justification.

Three people wrote to us complaining about the 15 rating for A Northern Soul feeling a 12A would be more appropriate. We received 45 postcards protesting the 15 rating; however, these had been created and handed out to cinema goers by the filmmakers at screenings and do not provide an accurate representation of broad public opinion.

Kaala

Kaala is a Tamil-language drama which we classified 12A. 43 people emailed us to complain about the film’s release. The complaints were not about the rating of the film itself but seemed to object to the actions of the film makers. They were all worded identically and were clearly part of an organised online campaign.

Show Dogs

A police Rottweiler goes undercover at a dog show. As part of the operation he is required to let the judges inspect his genitals in a manner that is not uncommon in dog shows. The character is reluctant but is encouraged to go to his happy place to get through the experience.

Thirty-one people wrote in to us echoing claims made in blogs that the scene might lower children’s resistance to predators who wish to inappropriately touch them.

However, the scene is comic, innocent and non-sexual in nature and occurs within the fantastical context of a film about anthropomorphised canines.

In a similar vein to Peter Rabbit the complaints regarding Show Dogs predominantly stopped once the film had been released in cinemas.

Love Simon trailer

We received 18 complaints about a PG-rated trailer for the film Love, Simon. The trailer covers teenage relationships and features some implied kissing and references to being in love. All complainants took issue with the discussion of sex and teenage relationships in the trailer but 11 took particular issue with the fact that the character is gay, believing the depiction of gay relationships to be inappropriate at the PG level.

Ready Player One

Ready Player One received ten complaints with correspondents focusing on infrequent strong language at 12A and some moments of horror.

Jurassic World: Fallen Kingdom

Jurassic World: Fallen Kingdom received six complaints, chiefly regarding very young children being brought to the 12A screenings.

Venom

Six people complained about Venom, which is rated 15. Complainants were disappointed they or their children would be unable to see the film.