Adult entertainment industry sues again over law requiring pornographic sites to verify users’ ages

bnew

Veteran
Joined
Nov 1, 2015
Messages
57,334
Reputation
8,496
Daps
159,999

Adult entertainment industry sues again over law requiring pornographic sites to verify users’ ages​

FILE - The Indiana Statehouse appears on May 5, 2017, in Indianapolis. An adult film industry association is challenging an Indiana law that requires pornographic websites to verify users’ ages in federal court. (AP Photo/Michael Conroy, File)

FILE - The Indiana Statehouse appears on May 5, 2017, in Indianapolis. An adult film industry association is challenging an Indiana law that requires pornographic websites to verify users’ ages in federal court. (AP Photo/Michael Conroy, File)

BY ISABELLA VOLMERT

Updated 2:19 PM EDT, June 11, 2024


INDIANAPOLIS (AP) — An Indiana law that requires pornographic websites to verify users’ ages — one of numerous such statutes in effect across the country — is being challenged by an association of the adult entertainment industry.

In April, the U.S. Supreme Court rejected a request by the same group, the Free Speech Coalition, to block a similar law in Texas.

According to the Indiana law signed by Republican Gov. Eric Holcomb in March, the state’s attorney general and individuals can bring legal action against a website’s operator if material “harmful to minors” is accessible to users under the age of 18.

In addition to Indiana and Texas, similar laws have been enacted in Arkansas, Kansas, Louisiana, Mississippi, Montana, Oklahoma, Utah and Virginia. Backers of such laws say they protect children from widespread pornography online, while opponents say the laws are vague and raise privacy concerns.

In the complaint filed Monday, the association says the Indiana law is unenforceable and unconstitutional. The group is asking a federal judge in Indianapolis to issue a preliminary injunction against the law before it takes effect on July 1 and to block the law permanently.

Indiana Attorney General Todd Rokita — listed as a defendant in the lawsuit — said in a post on X that he looks forward to defending the law in court.

“Children shouldn’t be able to easily access explicit material that can cause them harm,” the post said. “It’s commonsense.”

The Texas law remains in effect as the Supreme Court weighs the Free Speech Coalition’s full appeal. The Utah law was upheld by a federal judge in August, and a federal judge dismissed a challenge against Louisiana’s law in October.
 

bnew

Veteran
Joined
Nov 1, 2015
Messages
57,334
Reputation
8,496
Daps
159,999


Porn site operators sue Indiana attorney general over user age verification law​

One-third of all U.S. states have enacted or considered enacting laws requiring users to verify their age before they can view adult content on the internet.

DAVE BYRNES / June 10, 2024

w=1880
(Image by Franco Alva from Unsplash via Courthouse News)

INDIANAPOLIS (CN) — An international group of pornography website operators sued Indiana Attorney General Todd Rokita in federal court Monday, hoping to block a recent state law that requires users to prove they are over 18 before they can access adult content online.

The website operators — based in Cyprus, Czechia, Romania and Florida — were joined in their lawsuit by the California-based Free Speech Coalition, a nonprofit trade association for the adult entertainment industry.

The plaintiffs say Indiana's new law, which is set to take effect in July, violates the First, Fifth, Eighth and 14th Amendments, as well as the 1996 federal Communications Decency Act, which helps regulate porn at the federal level.

"Despite impinging on the rights of adults to access protected speech, it fails strict scrutiny by employing the least effective and yet also the most restrictive means of accomplishing Indiana’s stated purpose of allegedly protecting minors," the plaintiffs claim in their 34-page complaint.

Republican Indiana Governor Eric Holcomb signed the age verification bill into law in March. Authored and sponsored by GOP state lawmakers, it requires porn sites operating in the state to implement a "reasonable age verification method" to ensure any Hoosier accessing their websites is 18 or older.

This could mean asking users to provide a driver's license or state ID, or making use of a third party age verification service.

The law also makes porn site operators liable for legal damages if a minor gets around their age verification system, allowing parents to sue for up to $5,000, injunctive relief and court costs.

According to the National Decency Coalition, an anti-pornography organization, Indiana is one of 19 mostly Republican-controlled states that have enacted laws requiring user age verification for porn sites in the last two years. Louisiana began the trend in 2022 and has since been joined by Alabama, Arkansas, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Mississippi, Montana, Nebraska, North Carolina, Oklahoma, South Carolina, Tennessee, Texas, Utah and Virginia. Alaska and Arizona have considered similar legislation.

State legislators have claimed they seek to use the laws to protect minors from content they deem harmful or inappropriate.

"Indiana has an opportunity to protect children from many types of pornographic material on the internet by simply limiting access to adults," one of the Indiana law's author's, GOP State Senator Mike Bohacek, said when introducing it in November 2023. "These verification methods aren't restricting the rights of legal adults, just tightening the law to ensure kids don't access harmful material."

But the plaintiffs in Monday's suit against Indiana claim that state's law violates adults' right to privacy and could expose personal information to online threats.

"Any claimed benefit of age verification imposed by the Act does justify the burdens imposed on adults — the vast majority of whom value their online privacy and do not wish to expose exploitable personal data simply to view constitutionally-protected material they have every right to view," the plaintiffs wrote. "The high risk of data breaches and leaks resulting from compliance with the Act serves as an unavoidable barrier preventing adults from divulging their information over the internet."

Plus, the plaintiffs claim, the law is easy to circumvent: It would be difficult to block only Indiana IP addresses from accessing their porn sites, particularly near state borders, and there are a number of free and commercially available web technologies could allow Indiana users to get around such a block.

These include proxy servers, the open-source Tor Browser and virtual private networks that can make it seem as though users are accessing a website from a different country.

The plaintiffs suggested that user-end technologies, such as parental controls on children's devices, would be more effective at protecting minors from sexual content their parents don't want them to see.

"But such far more effective and far less restrictive means don’t really matter to Indiana, whose true aim is not to protect minors but to squelch constitutionally protected free speech that the State disfavors," the plaintiffs said.

The Indiana Attorney General's Office did not speak to the merits of the case when asked for comment.

"As with with every law passed by the General Assembly and signed by the governor, it's our offices duty to defend its constitutionality in court. This is no different," a spokesman for the office told Courthouse News in an email.

Challenges have followed age verification laws in other states, too. The Free Speech Coalition's attempt to block Utah's law is pending before the Tenth Circuit after a lower court dismissed its complaint last August. In April the Supreme Court declined to block Texas' law. Social media companies like Meta and Google joined a lawsuit against Mississippi over its own age verification law on Friday.
 

bnew

Veteran
Joined
Nov 1, 2015
Messages
57,334
Reputation
8,496
Daps
159,999

Age Verification Systems Will Be a Personal Identifiable Information Nightmare​

Online ID checking is insecure, bad for privacy, and will not help children.

By Sarah Scheffler

Posted Jun 10 2024

Credit: Shutterstock face scan, illustration



During the last few months, lawsuits have challenged new laws in Arkansas, Texas, California, Louisiana, and Utah that require showing government-issued photo ID to verify age when accessing social media websites. a More than 10 states have passed strict online age verification requirements on certain websites—and while some of the laws are narrowly targeted to pornographic websites, others cast a wider net and include categories such as social media under their umbrella. b

These new laws attempt to improve online child safety by strictly verifying the age of website visitors. Instead of the old approach—checking a box to indicate you are at least 18 years of age—the laws require that websites use a much more drastic method to verify your age: showing a government-issued photo ID. Some ID-verification services additionally require a “liveness check”: a fresh “selfie” image to confirm a person looks like their ID photo. Although some of the new laws do not specifically mandate ID checking, they all mandate a commercial age verification method “at least as good” as an ID check. The main commercial alternative is to use AI to estimate age based on a selfie image alone, c but IDs are still required to verify the age for anyone the AI guesses is too young.

While I share these policymakers’ desire to make the Internet a safer place for children, this isn’t the way to do it. This goes way beyond checking age. These laws effectively mandate the collection of an ID—the epitome of Personally Identifiable Information (PII)—from all visitors to these websites. These laws are a disaster for privacy, and create incentives that will only worsen the problem over time. They will be a security disaster, since all that ID information is a gold mine for identity theft. And they will not actually create the online environment we want for children.

Privacy and Security Difficulties​

These age-verification proposals create an immediate problem for privacy. In principle, age verification should only communicate a single yes/no bit of information: Do you meet the age requirement, or not? But the new laws go much further than simply verifying age. To meet the new requirements, an individual would have to show their entire ID, which contains a lot more information about a person’s identity than just date of birth.

Proponents of ID-based age verification compare this process to checking an ID at a bar to buy alcohol. But the situation online is quite different from that. When a bartender manually inspects an ID, we forgive this minor privacy violation partly because we deem it unlikely that the bartender is going to write down our name and address, record our activities, and sell the information to others for profit. Even though some bars use digital scanners to verify IDs, many states have laws regulating the purpose, data retention, and consent requirements of that procedure. d But this attention to privacy is rare online, where data brokering is the norm rather than the exception.

Beyond the privacy issues, these systems also pose a cybersecurity risk. In a world where data breaches and cyberattacks are commonplace, we generally encourage the collection of less, not more, sensitive information. A stored collection of government-issued photo IDs and face biometrics is a glaring target for hackers and identity thieves.

A few factors make the new age-verification laws stand out against the broader landscape of online security and privacy challenges. First, a government-issued photo ID has a sensitivity about it that even usernames and passwords do not. This is a significant expansion in the collection of PII even by today’s privacy-unfriendly standards. Anyone—child or adult—who does not want to show their full identity to access a website would simply be denied access. Second, the new laws are a significant expansion in the information that websites (or a third-party service) are required to collect. Any websites that wish to provide additional privacy and implement their own verification tool will risk opening themselves up to liability, unless they use an established ID-checking tool from the nascent ID verification service industry. And third, that new industry is driven by a profit incentive to deploy ID verification on more websites and collect more data, which will only exacerbate the privacy and cybersecurity issues over time. These laws result in both profit and legal incentives to track the ID information of visitors to any website sensitive enough to warrant age verification—and from social media to pornography, many of these are the exact websites where visitors want extra privacy.

All of these concerns would apply to any online ID collection, even if the goal was full identity verification. But these new laws force us to grapple with the same huge privacy and security issues, when the target goal is much narrower: verifying only age, not identity.

If the new age verification mechanisms catch on, we should require—not merely allow—these systems to be privacy preserving. If something is going to be tracked, we should insist that it is only age, not identity.

Implementation Issues​

These age-verification systems will also face practical challenges far beyond simple ID checking. The difficulties with parental consent serve to illustrate why online ID-based age verification is not the solution to helping children its proponents want it to be.

Since today’s “Are you over 18?” checkboxes work perfectly fine to block accidental underage access, it would seem one of the goals of strict ID-based age verification is to block intentional access. But tools already exist that limit intentional access—and in a much more flexible and privacy-respecting way than ID verification. Parental controls on devices, operating systems, networks, and routers already limit access to these websites, and they do so without collecting any IDs at all.

Those tools also provide parents with the freedom to choose their own limits for their children. Some of the laws—especially those age-gating social media—make an exception for minors who have obtained parental consent to access age-restricted websites. But as pointed out in the recent age-verification lawsuits e parental consent is even more difficult to rigorously verify than age. It involves not only knowing the identity of the child and parent/guardian but also the relationship between them. That problem is not solved by IDs alone, and it has many edge cases due to the many arrangements between parents, guardians, and children.

This need for flexibility is a requirement, not an afterthought. Some of the age verification proposals go well beyond pornography and include social media; some apply to the ambiguous term of “adult content”—a term that to some encompasses sexual education, religious content, violent content, or portrayal of gender non-conformance. Many parents will feel strongly that their children should be able to access some of these sites. So the flexibility of parental consent must be a core consideration—it cannot be an afterthought that renders the whole ID checking system moot.

Where Do We Go from Here?​

In many ways, today’s wave of age verification laws is a reminder of the 26-year-old U.S. Supreme Court case Reno v. ACLU, (1997), which found the Communication Decency Act’s methods for “protect[ing] minors from indecent and patently offensive communications on the Internet” to be too broad under the free speech guarantees of the First Amendment. Many of the difficulties discussed in this column were litigated in that case as well, including parental consent, accidental rather than intentional access, and the fuzzy lines around “adult content.” In Reno, the Court concluded that the well-intentioned goals of the law would ultimately restrict and overburden adults’ access to information, imposing upon their free speech.

The new laws pose all the same free speech difficulties—and also bring a new privacy nightmare of widespread ID collection. If we are serious about protecting privacy, then I see three potential paths for age verification.

Path 1: Legal protections. If the current strict ID-based age verification laws are here to stay, we should accompany them with strong legal privacy protections. Moreover, we should ensure this privacy protection applies to any ID usage in general. Every time a website or third-party service collects an ID for any purpose, it should use and share only the single bit representing whether the visitor is over the age limit—using, selling, or sharing any other info from the ID should be prohibited. Age verification, or any ID verification, should not be used as an excuse to collect and broker massive datasets of legal names, addresses, ID numbers, or biometrics. At minimum, policymakers should ensure that digital ID verification adheres to at least the same privacy protections granted to physical ID scanning—and should revisit those policies in light of the modern data-sharing age.

Path 2: Cryptography. Second, we could use cryptography to verify only age from IDs, rather than revealing all identity information to the age verifier. Anonymous credentials allow someone to prove some fact about themselves (such as being at least 18 years old) without revealing their entire identity. The core idea dates back to a 1985 post in Communications by David Chaum.

Since then, many developments have been made to the technical functionality, but these have struggled to reach widespread adoption due to practical key management barriers. Recent research by Rosenberg et al. builds anonymous age verification by storing cryptographic proofs from ID providers on a shared public ledger via the Etherium blockchain. 1 However, significant practical barriers remain, including dealing with the messy details of location and jurisdiction, the interface between traditional IDs and the necessary cryptographic proofs, and the need to utilize a single public ledger that stores many large cryptographic objects. This cryptographic approach would be a definite improvement for privacy and security over raw ID verification, but it will struggle to deal with the flexibility and implementation issues of parental consent I described earlier.

Path 3: Use existing tools. Or, we could leave the question of blocking intentional access to adult content to existing parental controls that are better suited to the job. Websites should continue using existing age-gates to warn users about the contents of the site, preventing accidental access without impacting free speech and privacy. Parental controls and safe searches already provide mechanisms to prevent viewing age-inappropriate content, and do so in a much more flexible and privacy-respecting way than heavy-handed ID verification.

Online ID checking is a privacy and security disaster waiting to happen, and is not a practical approach to age verification. While I continue to look for ways to make the Web a safer place for children, widespread ID collection puts us all at risk—including the very minors these new laws are supposed to protect.
 

Starman

Superstar
Supporter
Joined
May 3, 2012
Messages
15,700
Reputation
-2,934
Daps
34,294
Let each state restrict porn as it sees fit. This isn't speech. shytty court got hoodwinked by some deviants.
 

Dafunkdoc_Unlimited

Theological Noncognitivist Since Birth
Joined
Jul 25, 2012
Messages
45,063
Reputation
8,154
Daps
122,260
Reppin
The Wrong Side of the Tracks
Let each state restrict porn as it sees fit. This isn't speech. shytty court got hoodwinked by some deviants.
Porn is protected by the First Amendment, breh....

 

bnew

Veteran
Joined
Nov 1, 2015
Messages
57,334
Reputation
8,496
Daps
159,999

Pornhub to leave five more states over age-verification laws​


The new laws are aimed at protecting minors, but have raised questions about broader online privacy issues.​

Anna Washenko

·Contributing Reporter

Wed, June 19, 2024 at 3:49 PM EDT·2 min read

1.9k

0b20aeb0-2e74-11ef-9fe7-7940f1d98c9c

Ethan Miller via Getty Images

Pornhub will cease operating in five more states this summer due to new legislation that requires age verification on adult entertainment websites. The move is in response to a wave of recently-passed laws that require porn websites and other platforms with explicit adults-only content to collect proof of their users' ages. In all of these states, that means people would need to upload a copy of their driver's license or other government ID, or register with a third-party age verification service, in order to use sites like Pornhub.

A blog post from Pornhub said that its latest locations for shutdowns are Idaho, Indiana, Kansas, Kentucky and Nebraska. The site said it would end operations in those states in July 2024. The website closed in Texas last week, and has also blocked access to its site in Arkansas, Mississippi, Montana, North Carolina, Utah, and Virginia in response to similar state legislation.

Lawmakers from these states who supported age-verification laws said the rules would keep children from viewing explicit content. For example, the Kentucky bill framed pornography as a “public health crisis” with a “corroding influence” on children.

Pornhub parent company Aylo has countered that the approach taken by these laws puts users' privacy at risk and may not actually prevent minors from seeing explicit content. After Louisiana enacted a similar law last year and Aylo remained in operation with a government-supported age verification service, Pornhub traffic in the state dropped 80 percent.

"These people did not stop looking for porn," Aylo told the Indiana Capital Chronicle. "They just migrated to darker corners of the internet that don’t ask users to verify age, that don’t follow the law, that don’t take user safety seriously, and that often don’t even moderate content." The company advocates a device-based age verification solution rather than state legislation to keep minors off of adults-only sites.

The Electronic Frontier Foundation also raised privacy concerns around these bills, noting that no age-verification method is completely foolproof. "No one should have to hand over their driver’s license just to access free websites. That’s why EFF opposes mandated age verification laws, no matter how well intentioned they may be," the organization said in a 2023 statement.
 

Geek Nasty

Brain Knowledgeably Whizzy
Supporter
Joined
Jan 30, 2015
Messages
30,668
Reputation
4,786
Daps
115,484
Reppin
South Kakalaka
So long as there’s a way to protect identities I have no problem with this. and I bet the industry will start scrambling to find a way to do it too.
 
Top