Internet News

The Netflix film The Perfection has been reclassified in New Zealand as 18+ following concerns raised by a few viewers over its graphic content.

Netflix had rated the film as 16+ with a content note of language, violence, nudity.

New Zealand generally accepts Australian age ratings as a default unless queried. The Australian Classification Board settled on an MA 15+ rating for Strong themes of sexual violence, violence, sex and coarse language.

The film had also caused a bit of a stir in Australia too. Netflix's own classification tool had assigned the film an MA15+ rating. The rating included consumer advice that warned of, among other things, strong blood and gore.

After hearing reports of viewers becoming physically ill, the Australian Classification Board decided to audit the Netflix rating. The director of the Classification Board, Margaret Anderson, confirmed that Netflix was not only right to classify the film MA15+, but that its strong blood and gore warning was not necessary.

In New Zealand, however, the classification has been raised to 18+ with warnings about rape, sexual violence, suicide references, graphic violence. Chief Censor David Shanks noted that

The film wasn't viewed by any authority until after it had launched on Netflix, which demonstrates a serious problem with the classifications system.

A member of the public flagged the film to the Office of Film and Literature Classification (OFLC) on May 26 - when it had already been available on Netflix in New Zealand for two days.

Streaming services are not subject to any formal regime. I can call them in using my powers under the act but it's reactive and usually it's out there and people have seen it before we can get the thing addressed.

Note that the BBFC agreed with the 18 rating, passing the film 18 uncut for sexual violence, suicide references.

Update: Why we changed the rating for The Perfection

16th June 2019. See article from classificationoffice.govt.nz by Chief Censor David Shanks

The content that most concerns Kiwis is quite different to what gets under the skins of people in other countries, such as Australia, the United States, or most other places in the world.

We have our own culture and values to be proud of, and our own very real problems to deal with.

At our office we try to ensure that Kiwis get all the information they need before they watch a movie or series, so people can make viewing choices that are right for them. Increasingly we are less about censorship and more about empowering Kiwis to make their own informed choices.

This is straightforward when it comes to traditional media such as DVDs or movies at the cinema, but content on streaming services like Lightbox or Netflix is not currently covered by our legislation, which makes things a little more complex!

A good example popped up this week after my office was told about themes of sexual violence and child abuse in a film called The Perfection. It initially landed via Netflix as 16+ with a note for Language, violence, nudity. This looks to me like a US rating. I checked with my counterparts overseas, and found that the Aussies initially rated it as MA15+, with the note Strong Nudity, Strong Violence, Strong Blood and Gore, Strong Coarse Language, Strong Horror Themes, Horror Violence and the Brits gave it an 18, with a note for Sexual violence, suicide references.

That illustrates the issue. Different audiences are concerned with different things. In the States people often want to be warned about coarse language and nudity, but here in NZ Kiwis have told us sexual violence and suicide are topics people want to be warned about in advance. These are big issues that many in our community care deeply about, and have lived experience of.

Once we'd seen the movie, we knew it had content that our audiences would expect to know about, - including suicide references and sexual violence. The warning note that Netflix had for this one really needed to change to be effective for a NZ audience. In terms of age rating we felt it was on the line between a 16+ and a 18+ rating, but the range of content and the format suggested the higher age rating.

Fortunately Netflix recognises the needs of our own domestic audience, and do genuinely want to engage with us, and be responsive to a NZ audience. So they were happy to change the information. It is now 18+ with the consumer advice, Rape, sexual violence, suicide references, graphic violence.

From my point of view, this is just another case illustrating the fact that we're all just working within a legislative system that was designed for media back in the eighties and nineties, and wasn't built to deal with the international availability of streaming media online.

There is room for optimism as the Government is looking at changing this. We see getting consumer information, particularly as content management tools and support for parents in the future will likely depend on accurate ratings to work properly.

Executive Summary

The BBFC's Age-verification Certificate Standard ("the Standard") for providers of age verification services, published in April 2019, fails to meet adequate standards of cyber security and data protection and is of little use for consumers reliant on these providers to access adult content online.

This document analyses the Standard and certification scheme and makes recommendations for improvement and remediation. It sub-divides generally into two types of concern: operational issues (the need for a statutory basis, problems caused by the short implementation time and the lack of value the scheme provides to consumers), and substantive issues (seven problems with the content as presently drafted).

The fact that the scheme is voluntary leaves the BBFC powerless to fine or otherwise discipline providers that fail to protect people's data, and makes it tricky for consumers to distinguish between trustworthy and untrustworthy providers. In our view, the government must legislate without delay to place a statutory requirement on the BBFC to implement a mandatory certification scheme and to grant the BBFC powers to require reports and penalise non-compliant providers.

The Standard's existence shows that the BBFC considers robust protection of age verification data to be of critical importance. However, in both substance and operation the Standard fails to deliver this protection. The scheme allows commercial age verification providers to write their own privacy and security frameworks, reducing the BBFC's role to checking whether commercial entities follow their own rules rather than requiring them to work to a mandated set of common standards. The result is uncertainty for Internet users, who are inconsistently protected and have no way to tell which companies they can trust.

Even within its voluntary approach, the BBFC gives providers little guidance to providers as to what their privacy and security frameworks should contain. Guidance on security, encryption, pseudonymisation, and data retention is vague and imprecise, and often refers to generic "industry standards" without explanation. The supplementary Programme Guide, to which the Standard refers readers, remains unpublished, critically undermining the scheme's transparency and accountability.

Recommendations

• Grant the BBFC statutory powers:

• The BBFC Standard should be substantively revised to set out comprehensive and concrete standards for handling highly sensitive age verification data.

• The government should legislate to grant the BBFC statutory power to mandate compliance.

• The government should enable the BBFC to require remedial action or apply financial penalties for non-compliance.

• The BBFC should be given statutory powers to require annual compliance reports from providers and fine those who sign up to the certification scheme but later violate its requirements.

• The Information Commissioner should oversee the BBFC's age verification certification scheme

Delay implementation and enforcement:

Delay implementation and enforcement of age verification until both (a) a statutory standard of data privacy and security is in place, and (b) that standard has been implemented by providers.

Improve the scheme content:

Even if the BBFC certification scheme remains voluntary, the Standard should at least contain a definitive set of precisely delineated objectives that age verification providers must meet in order to say that they process identity data securely.

Improve communication with the public:

Where a provider's certification is revoked, the BBFC should issue press releases and ensure consumers are individually notified at login.

The results of all penetration tests should be provided to the BBFC, which must publish details of the framework it uses to evaluate test results, and publish annual trends in results.

Strengthen data protection requirements:

Data minimisation should be an enforceable statutory requirement for all registered age verification providers.

The Standard should outline specific and very limited circumstances under which it's acceptable to retain logs for fraud prevention purposes. It should also specify a hard limit on the length of time logs may be kept.

The Standard should set out a clear, strict and enforceable set of policies to describe exactly how providers should "pseudonymise" or "deidentify" data.

Providers that no longer meet the Standard should be required to provide the BBFC with evidence that they have destroyed all the user data they collected while supposedly compliant.

The BBFC should prepare a standardised data protection risk assessment framework against which all age verification providers will test their systems. Providers should limit bespoke risk assessments to their specific technological implementation.

Strengthen security, testing, and encryption requirements:

Providers should be required to undertake regular internal and external vulnerability scanning and a penetration test at least every six months, followed by a supervised remediation programme to correct any discovered vulnerabilities.

Providers should be required to conduct penetration tests after any significant application or infrastructure change.

Providers should be required to use a comprehensive and specific testing standard. CBEST or GBEST could serve as guides for the BBFC to develop an industry-specific framework.

The BBFC should build on already-established strong security frameworks, such as the Center for Internet Security Cyber Controls and Resources, the NIST Cyber Security Framework, or Cyber Essentials Plus.

At a bare minimum, the Standard should specify a list of cryptographic protocols which are not adequate for certification.

An upcoming free speech platform promises to provide users the best features of other social media, but without the censorship.

The subscription based anti-censorship platform Thinkspot is being created by popular psychologist Dr. Jordan B. Peterson. It's being marketed as a free speech alternative to payment processors like Patreon in that it will monetize creators and also provide a social media alternative to platforms like Facebook and YouTube.

Peterson explained in a podcast that the website would have radically pro-free speech Terms of Service, saying that once you're on our platform we won't take you down unless we're ordered to by a US court of law.

That will be a profound contrast to platforms that ban users for misgendering people who identify as trans, or for tweeting learn to code at fired journalists.

The only other major rule on comments he mentioned was that they need to be thoughtful. Rather than suggesting that some opinions are off limits, Peterson said they will have a minimum required length so one has to put thought into what they write.

If minimum comment length is 50 words, you're gonna have to put a little thought into it, Peterson said. Even if you're being a troll, you'll be a quasi-witty troll.

All comments on the website will have a voting feature and if your ratio of upvotes to downvotes falls below 50/50 then your comments will be hidden, people will still be able to see them, if they click, but you'll disappear. He later added that these features could be tweaked as the website is still being designed.

AN MP in Spain is leading an initiative to force porn websites operating in the country to install strict age verification systems.

The recently elected 26-year-old Andrea Fernandez has called to end the culture of porn among young people. The limitation of pornographic contents online was included in the electoral programme of the the newly elected Prime Minister, Pedro Sanchez (Social Democrats). The goal of the new government is to implement a new strict age verification system for these kind of websites.

Here at the IWF, we've created life-changing technology and data sets helping people who were sexually abused as children and whose images appear online. The IWF URL List , or more commonly, the block list, is a list of live webpages that show children being sexually abused, a list used by the internet industry to block millions of criminal images from ever reaching the public eye.

It's a crucial service, protecting children, and people of all ages in their homes and places of work. It stops horrifying videos from being stumbled across accidentally, and it thwarts some predators who visit the net to watch such abuse.

But now its effectiveness is in jeopardy. That block list which has for years stood between exploited children and their repeated victimisation faces a challenge called DNS over HTTPS which could soon render it obsolete.

It could expose millions of internet users across the globe - and of any age -- to the risk of glimpsing the most terrible content.

So how does it work? DNS stands for Domain Name System and it's the phonebook by which you look something up on the internet. But the new privacy technology could hide user requests, bypass filters like parental controls, and make globally-criminal material freely accessible. What's more, this is being fast-tracked, by some, into service as a default which could make the IWF list and all kinds of other protections defunct.

At the IWF, we don't want to demonise technology. Everyone's data should be secure from unnecessary snooping and encryption itself is not a bad thing. But the IWF is all about protecting victims and we say that the way in which DNS over HTTPS is being implemented is the problem.

If it was set as the default on the browsers used by most of us in the UK, it would have a catastrophic impact. It would make the horrific images we've spent all these years blocking suddenly highly accessible. All the years of work for children's protection could be completely undermined -- not just busting the IWF's block list but swerving filters, bypassing parental controls, and dodging some counter terrorism efforts as well.

From the IWF's perspective, this is far more than just a privacy or a tech issue, it's all about putting the safety of children at the top of the agenda, not the bottom. We want to see a duty of care placed upon DNS providers so they are obliged to act for child safety and cannot sacrifice protection for improved customer privacy.

The Chinese government appears to have launched a major new internet purge, blocking users from accessing The Intercept's website and those of at least seven other Western news organizations.

People in China began reporting that they could not access the websites of The Intercept, The Guardian, the Washington Post, HuffPost, NBC News, the Christian Science Monitor, the Toronto Star, and Breitbart News.

It is unclear exactly when the censorship came into effect or the reasons for it. But Tuesday marked the 30th anniversary of the Tiananmen Square massacre, and Chinese authorities have reportedly increased levels of online censorship to coincide with the event.

On a second front censors at two of China's largest social media companies appear to have taken aim at independent financial bloggers, as Beijing continues pumping out propaganda to garner public support for its trade dispute with the US.

At least 10 popular financial analysis blogs on social media app WeChat had all present and past content scrubbed, according to screenshots posted by readers. The Weibo accounts of two non-financial popular bloggers, including Wang Zhian, a former state broadcast commentator who wrote about social issues, were also blocked.

Back in March, ten major VPN providers including NordVPN, ExpressVPN, IPVanish and HideMyAss were ordered by Russian authorities to begin blocking sites present in the country's national blacklist. Following almost total non-compliance, the country's internet censor says that blocking nine of the services is now imminent.

Back in March, telecoms watchdog Roscomnadzor wrote to ten major VPN providers -- NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN -- ordering them to connect to the database. All teh foreign companies refused to comply.

Only teh Russia based company,Kaspersky Secure Connection, connected to the registry, Roscomnadzor chief Alexander Zharov informs Interfax .

Russian law says unequivocally if the company refuses to comply with the law -- it should be blocked. And it appears that Roscomnadzor is prepared to carry through with its threat. When questioned on the timeline for blocking, Zharov said that the matter could be closed within a month.

TechDirt comments:

The idea of an open global internet keeps taking a beating -- and the worst offender is not, say, China or Russia, but rather the EU.

We've already discussed things like the EU Copyright Directive and the Terrorist Content Regulation , but it seems like every day there's something new and more ridiculous -- and the latest may be coming from the Court of Justice of the EU (CJEU). The CJEU's Advocate General has issued a recommendation (but not the final verdict) in a new case that would be hugely problematic for the idea of a global open internet that isn't weighted down with censorship.

The case at hand involved someone on Facebook posting a link to an article about an Austrian politician, Eva Glawischnig-Piesczek, accusing her of being a lousy traitor of the people, a corrupt oaf and a member of a fascist party.

An Austrian court ordered Facebook to remove the content, which it complied with by removing access to anyone in Austria. The original demand was also that Facebook be required to prevent equivalent content from appearing as well. On appeal, a court denied Facebook's request that it only had to comply in Austria, and also said that such equivalent content could only be limited to cases where someone then alerted Facebook to the equivalent content being posted (and, thus, not a general monitoring requirement).

The case was then escalated to the CJEU and then, basically everything goes off the rails

See  detailed legal findings discussed by techdirt.com

 

Offsite Comment: Showing how Little the EU Understands About the Web

8th June 2019. See article from forbes.com by Kalev Leetaru

As governments around the world seek greater influence over the Web, the European Union has emerged as a model of legislative intervention, with efforts from GDPR to the Right to be Forgotten to new efforts to allow EU lawmakers to censor international criticism of themselves. GDPR has backfired spectacularly, stripping away the EU's previous privacy protections and largely exempting the most dangerous and privacy-invading activities it was touted to address. Yet it is the EU's efforts to project its censorship powers globally that present the greatest risk to the future of the Web and demonstrate just how little the EU actually understands about how the internet works.

A Polish court has held a first hearing in a case brought against Facebook by a historian who says that Facebook engaged in censorship by suspending accounts that had posted about a nationalist rally in Warsaw.

Historian Maciej Swirski has complained that Facebook in 2016 suspended a couple of accounts that provided information on an independence day march organised by far-right groups. Swirski told AFP:

I'm not a member of the National Movement, but as a citizen I wanted to inform myself on the event in question and I was blocked from doing so,

This censorship doesn't concern my own posts, but rather content that I had wanted to see.

Facebook's lawyers argued that censorship can only be exercised by the state and that a private media firm is not obligated to publish any particular content.

The next court hearing will take place on October 30.

A new bill introduced last week in the New York State Senate would give New Yorkers stronger online privacy protection than residents of any other state, notably California which was ahead of the game until now.

The New York bill authored by Long Island senator Kevin Thomas goes further than California and requires platforms such as Google, Facebook and others to to attain consent from consumers before they share and/or sell their information.

Unlike the California law, however, the proposed New York bill gives users the right to sue companies directly over privacy violations, possibly setting up a barrage of individual lawsuits, according to a report on the proposed legislation by Wired magazine .

The New York bill also applies to any online company, while the California law exempts any company with less that $25 million annual gross revenue from its requirements.

And as a final flourish, the bill required that any company that hoovers up user data must use that data in ways that benefit the user, before they use it to turn a profit for themselves.

YouTube has decided to adopt a widespread censorship rule to ban the promotion of hate speech. Google wrote:

Today, we're taking another step in our hate speech policy by specifically prohibiting videos alleging that a group is superior in order to justify discrimination, segregation or exclusion based on qualities like age, gender, race, caste, religion, sexual orientation or veteran status.

However for all the Artificial Intelligence it has at its disposal the company cannot actually work out which videos promote hate speech. Instead it has taken to banning videos referencing more easily identifiable images such as Nazi symbology, regardless of the context in which they are presented.

For example YouTube has blocked some British history teachers from its service for uploading archive material related to Adolf Hitler.

Scott Allsopp, who owns the longrunning MrAllsoppHistory revision website and teaches at an international school in Romania, had his channel featuring hundreds of historical clips on topics ranging from the Norman conquest to the cold war deleted for breaching the rules that ban hate speech. Allsopp commented:

It's absolutely vital that YouTube work to undo the damage caused by their indiscriminate implementation as soon as possible. Access to important material is being denied wholesale as many other channels are left branded as promoting hate when they do nothing of the sort.

While previous generations of history students relied on teachers playing old documentaries recorded on VHS tapes on a classroom television, they now use YouTube to show raw footage of the Nazis and famous speeches by Adolf Hitler.

Richard Jones-Nerzic, another British teacher affected by the crackdown, said that he had been censured for uploading clips to his channel from old documentaries about the rise of Nazism. Some of his clips now carry warnings that users might find the material offensive, while others have been removed completely. He said he was appealing YouTube's deletion of archive Nazi footage taken from mainstream media outlets, arguing that this is in itself form of negationism or even holocaust denial.

Allsopp had his account reinstated on Thursday following an appeal but said he had been contacted by many other history teachers whose accounts have also been affected by the ban on hate speech. Users who do not swiftly appeal YouTube's decisions could find their material removed for good.

P hotographer Spencer Tunick and  the National Coalition Against Censorship organise a nude art action outside the Facebook's New York headquarters on June 2, when some 125 people posed naked in front of Facebook's building as Tunick photographed them as part of the NCAC's #WeTheNipple campaign.

In response Facebook agreed to convene a group--including artists, art educators, museum curators, activists, and employees--to consider new nudity guidelines for images posted to its social-media platforms.

The NCAC said it will collaborate with Facebook in selecting participants for a discussion to look into issues related to nude photographic art, ways that censorship impacts artists, and possible solutions going forward.

However before artists get their expectations up, they should know that it is standard policy that whenever Facebook get caught out censoring something, they always throw their arms up in feigned horror, apologise profusely and say they will do better next time.

They never do!