Original article ISPreview UK:Read More
The UK telecoms and internet content regulator, Ofcom, has revealed they’re using an unidentified third-party monitoring tool – seemingly with AI capabilities – to track the public’s use of Virtual Private Network (VPN) tools as part of Government concerns that they’re being used to circumvent internet censorship measures under the Online Safety Act (OSA).
In case anybody has forgotten. VPN usage recently jumped after Ofcom began enforcing Age Verification measures across the internet as part of the OSA, which was sold to the public by the government as being intended to restrict access to porn.
However, the measures also ended up going much further and resulted in a heap of regular online services all suddenly wanting to scan your face and collect credit card details (among other methods) – often via unfamiliar third parties – before allowing access (e.g. messaging services, social media, online games, music streaming, TikTok etc.).
The change, which has been seen by some as indicative of the UK’s slow slide towards digital authoritarianism, occurred at a time when most of us have long been conditioned to share as little personal and financial data as possible with online platforms (especially social networks, where real names aren’t always used) – due partly to the all-too-common risk of data breaches.
Suffice to say, many adults did NOT want to have to share personal or financial details with unknown third-parties just to be able to chat with family members/business contacts or listen to the latest music, among other things. But the government’s sledgehammer approach leaves few alternatives, potentially fuelling the risk from cybercrime and making it harder for people to control who has access to their data.
One recent data breach, which was linked to online voice provider Discord helps to underline these points (here). The breach exposed government ID photos of approximately 70,000 users after hackers compromised a third-party company contracted for age verification.
VPN Use Spikes
In response, many people have been flocking to adopt VPN services in order to avoid age verification (e.g. using them to change the geographic location of their active IP address and mask the real connection). The UK government promptly responded to this by warning that online platforms which “deliberately target UK children and promote [Virtual Private Network] use” could now “face enforcement action, including significant financial penalties“.
Several government MPs have even called for the nuclear option of banning VPNs to stop circumvention of the rules (here), although officially the government says there are “no current plans to ban the use of VPNs“. But the option is still said to remain on the table, and we all know that plans can change, often suddenly (“no plans” is the most abused / changeable term in the PR arsenal).
What’s Ofcom Doing?
Some recent probing by TechRadar has now revealed that Ofcom are using an unidentified and seemingly AI powered (inferred from language in the comment below) third-party tool to track the public’s use of VPNs.
On the one hand, it’s not surprising that the regulator would be looking at VPN usage, given their role. But what is concerning is the lack of transparency involved in their approach and Ofcom’s seeming refusal to identify who they’re working with (i.e. people may wish to know if this is a company with a track record of protecting people’s privacy, or more associated with the use of invasive surveillance techniques).
As the website says, the fact that a regulator is using tools (and thus presumably spending money and resources) to specifically track the public’s use of software designed to enhance digital privacy is a concern that risks undermining their very purpose as a privacy tool.
A spokesperson for Ofcom said:
“We use a leading third-party provider, which is widely used in the industry, to gather information on VPN usage. The provider combines multiple data sources to train its models and generate usage estimates. The data we access and use in our analyses is fully aggregated at the app level, and no personally identifiable or user-level information is ever included.”
The regulator’s CEO, Dame Melanie Dawes, last month revealed (Open Letter to the Government) that, “following the 25th July deadline we saw a spike in their use – with UK daily active users of VPN apps temporarily doubling to around 1.5 million. However, usage has since plateaued, and has now fallen back to around 1 million by the end of September“.
However, as above, there remains a lack of transparency over how the regulator came up with this number. Ofcom previously said that the key question they will be monitoring (though they admit “it is hard to measure“) is whether VPN use is rising among children.
Data from Internet Matters, collected before July, suggests that around one in ten under-18s used VPNs, with use skewing towards older teenagers. No surprise there – this is the group likely to feel most aggrieved by the new approach, since there are few things more annoying than being 15-18 years old and yet treated like you’re 5.
At present both of the largest political parts remain fully supportive of the OSA and thus it’s difficult to imagine that the Government will roll back any of its measures (if anything, they seem to be extending it). Meanwhile, many online services will feel that the risk of being legally liable for not going far enough is something they cannot countenance and will thus continue to adopt such strict measures.
Please note that we won’t be able to approve any comments on this news article if they promote VPN services, for hopefully obvious reasons.