Your Daily Broadsheet

A three-judge panel of the 5th Circuit Court of Appeals has issued an administrative stay on the preliminary injunction blocking Texas House Bill 1181 from entering into force. This means that the law requiring age verification for internet porn is now in effect, at least until a full hearing challenging the internet censorship law as unconstitutional.

House Bill (HB) 1181 is a controversial law requiring an age verification regimen for all adult websites that have users from Texas IP addresses. The law was challenged in a federal district court last month due to a measure in the bill that would require adult websites to additionally post health warning labels at the top and bottom of web pages and on marketing collateral.

The Free Speech Coalition, the parent companies of the largest adult tube sites in the world, and pay-sites affiliated with these platforms sued the state of Texas , arguing that HB 1181 is unconstitutional because it violates the First Amendment.

They argued that a government cannot require a privately owned website to issue a public health warning when the claims in the warnings are not accepted by mainstream medicine, psychology and neuroscience.

Senior U.S. District Judge David Alan Ezra agreed with the plaintiffs and issued a preliminary injunction temporarily blocking Texas from enforcing the law. but it was this decision that was overturned in this appeal.

The North Carolina Senate has voted unanimously to mandate age verification on adult websites, after a Republican senator snuck a copycat amendment mirroring other states' requirements into an unrelated bill.

Senator Amy Galey added the requirement to House Bill 8, a previously unrelated measure that would add a computer science class to the state's high school graduation requirements.

Galey justified her amendment by saying the measure was needed to protect children, citing the seven other states that have passed similar laws and noting with satisfaction that overall traffic to adult websites in Louisiana dropped 80% after that state's age verification law passed.

North Carolina's HB 8 is now headed back to the state's House of Representatives for further debate.

The UK's disgraceful Online Safety Bill has passed through Parliament and will soon become law. The wide-ranging legislation, which is likely to affect every internet user in the UK and any service they access, and generate mountains of onerous red tape for any internet business stupid enough to be based in Britain. Potential impacts are still unclear and some of the new regulations are technologically impossible to comply with.

A key sticking point is what the legislation means for end-to-end encryption, a security technique used by services like WhatsApp that mathematically guarantees that no one, not even the service provider, can read messages sent between two users. The new law gives regulator Ofcom the power to intercept and check this encrypted data for illegal or harmful content.

Using this power would require service providers to create a backdoor in their software, allowing Ofcom to bypass the mathematically secure encryption. But this same backdoor would be abused by hackers, thieves, scammers and malicious states to snoop, steal and hack.

Beyond encryption, the bill also brings in mandatory age checks on pornography websites and requires that websites have policies in place to protect people from harmful or illegal content. What counts as illegal and exactly which websites will fall under the scope of the bill is unclear, however.

Neil Brown at law firm decoded.legal says Ofcom still has a huge amount of work to do. The new law could plausibly affect any company that allows comments on its website, publishes user-generated content, transmits encrypted data or hosts anything that the government deems may be harmful to children, says Brown:

What I'm fearful of is that there are going to be an awful lot of people, small organisations - not these big tech giants -- who are going to face pretty chunky legal bills trying to work out if they are in scope and, if so, what they need to do.

A federal judge has granted a request to block the California Age-Appropriate Design Code Act (CAADCA), a law that requires special data safeguards for underage users online.

The law is based upon a bizarre UK censorship policy seemingly intended to age gate much of the internet. The idea is to verify that users are old enough to understand the consequences of sharing personal data. But of course users are expected to hand over loads of personal date to prove that they are old enough to understand the dangers of handing over loads of personal data.

In a ruling, Judge Beth Freeman granted a preliminary injunction for tech industry group NetChoice, saying the law likely violates the First Amendment. It's the latest of several state-level internet regulations to be blocked while a lawsuit against them proceeds, including some that are likely bound for the Supreme Court .

The CAADCA is meant to expand on existing laws -- like the federal COPPA framework -- that govern how sites can collect data from children. But Judge Freeman objected to several of its provisions, saying they would unlawfully target legal speech. Although the stated purpose of the Act -- protecting children when they are online -- clearly is important, NetChoice has shown that it is likely to succeed on the merits of its argument that the provisions of the CAADCA intended to achieve that purpose do not pass constitutional muster, wrote Freeman.

Mugen Souls Z is a 2013 Japanese role playing game by Compile Heart

Eastasiasoft's uncut MUGEN SOULS Z is now banned under Australia's random rating generator called the automated International Age Rating Coalition (IARC) system. The decision appeared on September 14, the day of the Nintendo Switch release.

Back in March 2014, it received an M rating (like a PG-15) for sexualised innuendo and nudity.

Eastasiasoft tweeted:

The eShop page for MUGEN SOULS Z is live! Coming to Nintendo Switch on September 14th featuring content true to the Japanese original (hot springs mini-games, gallery images and more). MUGEN SOULS Z won't be officially available in Australia because of refused classification, sorry.

The PlayStation 3 version has always been cut for release in the US, Europe and Australia.

This week Ofcom hosted the first annual meeting of the Global Online 'Safety Regulators' Network (GOSRN), which brings together censors from Europe, Asia, Africa and the Pacific to discuss solutions to 'global online safety challenges'.

GOSRN is a collaboration between the first movers in internet censorship, including the eSafety Commissioner (Australia); Coimisiún na Meán (Ireland); the Film and Publication Board (South Africa); the Korea Communications Standards Commission (Republic of Korea); the Online Safety Commission (Fiji); and Ofcom (UK).

Members reflected on progress made in the first year of the network's existence and discussed ways in which internet censors can further enhance collaboration in the year to come.

Network members agreed to appoint Ofcom as Chair of the Network for 2024.

In July 2023, Vietnam's Ministry of Information and Communications (MIC) issued a draft law to update the country's video game censorship laws currently defined by Decree 72. The MIC is taking feedback in a public consultation until September 15, 2023.

The current rules under Decree 72 are as follows:

Foreign companies must establish an entity in Vietnam in accordance with the country's foreign investment legislation in order to provide video game services. Foreign ownership is also limited to 49% under Vietnam's current foreign investment regulations. This means that companies looking to legally distribute video games in Vietnam will be required to set up a joint venture or sign a business cooperation contract with a local company.

Video games are organized into the following categories:

• G1 games: Video games that have interaction between multiple players via the server;
• G2 games: Video games that only have interaction between the players and the server (but no interaction between different players);
• G3 games: Video games that have interaction between multiple players but no interaction between the players and the server; and
• G4 games: Video games that are downloaded from the internet without interaction between players or between players and the server.

Video games are also classified by age:

• 18 and up (denoted as 18+): Games with continuous protest and combat activities using weapons of a violent nature; no sexually explicit activities, sounds, images, language, or suggestions
• 12 and up (denoted as 12+): Games involving resistance and combat activities with the use of weapons, but the weapon imagery is not displayed in close-up or clear detail; there is a moderate amount of sound and weaponry during combat; there are no activities, images, sounds, languages, dialogues, default character imagery, explicit content, or scenes that draw attention to sensitive body parts.
• Players of all ages (denoted as 00+): Animated simulation games in which there are no weapon-based activities; there are no eerie sounds or imagery, horror, or violence; there are no activities, sounds, languages, dialogues, default character imagery, explicit content, or scenes that draw attention to sensitive body parts on the human body.

The draft decree released in July 2023 will add an additional 16+ age category:

• 16 and up (denoted as 16+): Games that involve protest and combat activities using weapons; no activity, imagery, sound, language, dialogue, sexually suggestive characters, or content that draws attention to sensitive body parts.

In order for a company to provide G1 games, it must obtain a license to provide game services and receive approval for the game's contents from the MIC. To provide G2, G3, and G4 games, a company must obtain a certificate of registration and announce the service provision for each video game.

Companies must meet the following requirements to provide video game services in Vietnam:

• Be established in accordance with Vietnamese law and have a certificate of business registration for video game services;
• Have registered domain names for the services;
• Have sufficient financial and technical capacity, organizational structure, and personnel suitable for the scale of operations; and
• Have measures in place to ensure information safety and security.

The validity of a video game license may vary depending on the request of the company but cannot exceed 10 years under the current Decree 72. However, this time limit has been reduced to five years in the draft decree.

In addition, to provide G1 games, the service provision system of the company must also meet certain criteria:

• Being capable of storing and updating the personal information of players, including their full name, date of birth, permanent residence address, identity card/citizen identification card/passport number and its date and place of issue, and phone number and email address.
• Having a payment control system for the video games located in Vietnam and connected to Vietnam's payment support service providers, ensuring accurate and sufficient updates and storage and allowing players to search for detailed information on their payment accounts.
• Being able to manage players' playtime from 00:00 to 24:00 hours daily and ensure the total playtime of all G1 electronic games for players under the age of 18 does not exceed 180 minutes per day.
• Continuously display the player age classification for all games during the game's introduction, advertising materials, and during the game's service provision; and display the warning Playing for more than 180 minutes a day will badly affect your health in prominent positions in games' forums or on players' computer screens during playtime.

The draft decree has lowered the daily limit for players under the age of 18 from 180 minutes to just 60, in line with the proposed reduction of the daily limit in the previous draft amendment to Decree 72. However, whereas this was initially only proposed for G1 games, the draft decree stipulates the same requirement for G2, G3, and G4 games as well.

Video games are subject to certain censorship laws, and companies must obtain approval from the MIC to ensure that their content is not prohibited. Under Decree 72, the following content is prohibited:

• Images or sounds that are horrifying, incite violence and brutality, are vulgar, erotic and obscene, immoral, contrary to traditional ethics and culture and national customs, or distort and undermine history; and
• Images or sounds that depict suicide, use of drugs, alcohol, and tobacco, or terrorism, child maltreatment, abuse, and trafficking, or other harmful or illegal acts.
• Opposition to the State of the Socialist Republic of Vietnam;
• Undermining national security and social order and safety;
• sabotage of national unity;
• conduct propaganda about wars and terrorism;
• sow hatred or division among ethnicities, races, and religions;
• Propagate and incite violence, obscenity, pornography, crimes, social vices, and superstition;
• harm national traditions and customs; Disclose state secrets, military, economic, and diplomatic secrets, or other secrets protected by law;
• Provide information that distorts, slanders, or offends the reputation of organizations or honor and dignity of individuals;
• Advertise, propagate, and trade in banned goods or services;
• spread banned newspaper articles, works of literature or art, and publications; and
• Impersonate other organizations and individuals and spread false and untruthful information that infringes upon the rights and lawful interests of other organizations and individuals.

The draft decree adds two articles regulating virtual items, units, and reward points and game cards. The draft decree stipulates that companies may only create virtual items, units, and reward points for the video games to be used in exchange for virtual items within the scope of the game itself.

The U.K.'s Online Safety Bill has passed a critical final stage in the House of Lords, and envisions a potentially vast scheme to surveil internet users.

The bill would empower the U.K. government, in certain situations, to demand that online platforms use government-approved software to search through all users' photos, files, and messages, scanning for illegal content. Online services that don't comply can be subject to extreme penalties, including criminal penalties.

Such a backdoor scanning system can and will be exploited by bad actors. It will also produce false positives, leading to false accusations of child abuse that will have to be resolved. That's why the bill is incompatible with end-to-end encryption--and human rights. EFF has strongly opposed this bill from the start.

Now, with the bill on the verge of becoming U.K. law, the U.K. government has sheepishly acknowledged that it may not be able to make use of some aspects of this law. During a final debate over the bill, a representative of the government said that orders to scan user files can be issued only where technically feasible, as determined by Ofcom, the U.K.'s telecom regulatory agency. He also said any such order must be compatible with U.K. and European human rights law.

That's a notable step back, since previously the same representative, Lord Parkinson of Whitley Bay, said in a letter to the House of Lords that the technology that would magically make invasive scanning co-exist with end-to-end encryption already existed . We have seen companies develop such solutions for platforms with end-to-end encryption before, wrote Lord Parkinson in that letter.

Now, Parkinson has come quite close to admitting that such technology does not, in fact, exist. On Tuesday, he said :

There is no intention by the Government to weaken the encryption technology used by platforms, and we have built strong safeguards into the Bill to ensure that users' privacy is protected.

If appropriate technology which meets these requirements does not exist, Ofcom cannot require its use. That is why the powers include the ability for Ofcom to require companies to make best endeavors to develop or source a new solution.

The same day that these public statements were made, news outlets reported that the U.K. government privately acknowledged that there is no technology that could examine end-to-end encrypted messages while respecting user privacy.

 

People Need Privacy, Not Weak Promises

Let's be clear: weak statements by government ministers, such as the hedging from Lord Parkinson during this week's debate, are no substitute for real privacy rights.

Nothing in the law's text has changed. The bill gives the U.K. government the right to order message and photo-scanning, and that will harm the privacy and security of internet users worldwide. These powers, enshrined in Clause 122 of the bill, are now set to become law. After that, the regulator in charge of enforcing the law, Ofcom, will have to devise and publish a set of regulations regarding how the law will be enforced.

Several companies that provide end-to-end encrypted services have said they will withdraw from the U.K. if Ofcom actually takes the extreme choice of requiring examination of currently encrypted messages. Those companies include Meta-owned WhatsApp, Signal, and U.K.-based Element, among others.

While it's the last minute, Members of Parliament still could introduce an amendment with real protections for user privacy, including an explicit protection for real end-to-end encryption.

Failing that, Ofcom should publish regulations that make clear that there is no available technology that can allow for scanning of user data to co-exist with strong encryption and privacy.

Finally, lawmakers in other jurisdictions, including the United States, should take heed of the embarrassing result of passing a law that is not just deceptive, but unhinged from computational reality. The U.K. government has insisted that through software magic, a system in which they can examine or scan everything will also somehow be a privacy-protecting system. Faced with the reality of this contradiction, the government has turned to an 11th hour campaign to assure people that the powers it has demanded simply won't be used.