- Ofcom is monitoring VPN use following introduction of Online Safety Act
- Its third-party tool appears to have AI capabilities
- Despite assurance, privacy and accuracy concerns remain
The UK’s communications regulator, Ofcom, has told Techradar that it’s using an unnamed third-party tool to monitor VPN use in the UK.
The agency responsible for implementing the Online Safety Act refused to name the platform. However, it seems to have artificial intelligence capabilities and – despite assurances that personal information isn’t being accessed – privacy concerns remain.
This comes after a tech minister,Baroness Lloyd, said in the UK House of Lords that “nothing is off the table” when it comes to protecting children online, though she acknowledged there are “no current plans to ban the use of VPNs”.
Open Rights Group, a leading UK civil society organization, warns that any attempt to restrict VPNs would have “a negative impact on free expression and privacy.”
We contacted Ofcom and asked them to clarify how its accessing information about VPN use in the UK. Here’s the statement we received via email:
“We use a leading third-party provider, which is widely used in the industry, to gather information on VPN usage. The provider combines multiple data sources to train its models and generate usage estimates. The data we access and use in our analyses is fully aggregated at the app level, and no personally identifiable or user-level information is ever included.”
Although Ofcom has been transparent about the existence of VPN monitoring, this is the first time it has provided any information outlining the methods it is using.
Unfortunately, though, the agency’s response raises more questions than it answers.
While using a third-party vendor isn’t surprising, the fact that Ofcom refuses to identify who it is raises concerns.
Ofcom has not responded to our follow-up request for additional information. That means there’s no way of the public knowing whether the data provider is a company with a track record of protecting people’s privacy, or one known to use invasive surveillance techniques.
Ofcom’s statement also suggests it’s relying on a tool with AI capabilities (as it “combines multiple data sources to train its models”), but the exact functions of the platform remain hidden.
Given that there are so many potential sources of this data – from internet service providers (ISPs) to website administrator logs – it’s nearly impossible to assess the platform’s potential accuracy or privacy credentials without additional details.
Similarly, while identifiable information may be excluded from the data Ofcom analyzed, there’s nothing that suggests the data is not at risk of re-identification.
Finally, the fact that a regulator is using tools (and therefore presumably spending money and resources) to specifically track the public’s use of software designed to enhance digital privacy is likely to ring alarm bells. However well-intentioned, tracking the use of VPNs risks undermining their very purpose as a privacy tool.
Why monitor VPNs?
VPNs pose a problem to the UK government and Ofcom, specifically with regards to the controversial Online Safety Act, because VPNs allow people to bypass age checks. They do this by connecting to a VPN server in a different country where those age checks do not occur.
By Ofcom’s own estimates, the number of daily VPN users rose to around 1.5 million following the introduction of mandatory age checks on adult websites earlier this year. However, without additional transparency about how the agency came up with this number – which may have relied on the same secret tool – it’s impossible to tell how accurate it is.
It’s understandable that Ofcom wants to monitor the use of VPNs to determine if the new legislation is working as intended. The problem is that the method it’s using may be inaccurate or actively threatening people’s privacy.
An increase in the number of people using VPNs doesn’t necessarily mean people are bypassing the law, either. “It’s important to note VPNs can help protect children’s security online too, they aren’t just used to avoid content blocks,” says James Baker, Program Manager at Open Rights Group.
Several VPNs now offer adult site blocking as part of their subscription plans, including NordVPN and Surfshark the latter of which recently introduced its Web Content Blocker tool specifically for the protection of children.
NordVPN’s tool automatically restricts access to adult websites and helps identify malicious websites while you’re browsing. Surfshark’s is able to prevent children from accessing a wide range of inappropriate material, as well as offering protection from malware and phishing sites.
What’s next?
Without greater transparency, it’s impossible to tell exactly what data Ofcom is analyzing and how it might shape the future of the Online Safety Act.
To help gain a clearer picture, we also reached out to the government department responsible for the legislation, the Department for Science, Innovation and Technology (DSIT) but it ignored our requests for comment.
Despite this lack of communication, a blanket VPN ban is still highly unlikely. It would be incredibly unpopular, almost impossible to implement, and certainly costly.
But, the use of tools to monitor how people in the UK are using VPNs is certainly setting a concerning precedent – a precedent more often associated with repressive governments than liberal democracies according to Baker.
He told TechRadar that most analytics platforms that analyze VPN data show that “VPN use has been lower in countries that have a greater degree of online freedom, and higher in more repressive regimes such as China, Russia or the UAE”.
Without greater transparency from the government – and its agencies overseeing legislation like the Online Safety Act – speculation that the UK is sliding towards digital authoritarianism will continue.
https://cdn.mos.cms.futurecdn.net/YejZAFYiUL79JkUc7CRHXn-970-80.jpg
Source link
samuel.woodhams@futurenet.com (Samuel Woodhams)
