My Lords, I am pleased to speak in support of Amendment 87A. I very much agree with what the noble Baroness, Lady Benjamin, said and do not propose to repeat it. I devote my speech to responding to the assertions made by the Minister in her letter of 8 March, in response to the debate in Committee. This seeks to justify not implementing Part 3 on the basis that
“recent technological changes could render Part 3 of the 2017 Act ineffective in protecting children if it were introduced as an interim measure. One of the Act’s enforcement powers was the power to require Internet Service Providers to block access to material on non-compliant services. Changes to the architecture of the internet may make this power obsolete.”
This has the feel of officials looking round for excuses not to implement Part 3 on at least three levels. First, one could be forgiven for concluding, on the basis of the letter, that IP blocking was the only enforcement mechanism for Part 3. It is actually one of three enforcement mechanisms so, even if it did not work, this would not make Part 3 ineffective. Secondly, the letter says only that IP blocking may not work at some point in the future—not that it does not work now or that there definitely will be a problem in future.
The reason the Government are concerned that blocking access to non-compliant websites may become problematic in future is because of a new way of navigating the internet, known as DNS over HTTPS, or DoH for short. It is not widely used at present but is likely to become more common in time. DNS stands for domain naming system; it is simply the phone book for the internet, allowing for translating the name of a website such as parliament.uk into its numerical address—in our case, 104.17.150.48. Presently, internet service providers are able to block access to particular websites simply by intercepting the query from a user wishing to access this telephone book. DoH encrypts those queries, making the current interception technology deployed by ISPs somewhat less capable of blocking access to non-compliant websites this way.
However, at some point in the process something has to connect the name of the site to its number, making blocking possible. In the case of DoH, this is an entity known as a DNS resolver, which is just another phone book but accessed securely. So the simplest solution, and the one the Government intend to use to block sites under the online safety Bill, is to instead turn to these resolver services and ask them to apply blocks, rather than the ISPs. The fact that this is how they intend to deal with the DoH enforcement challenge under the online harms Bill means that they should be able to deal with it that way under Part 3. But to fully appreciate why it is not remotely credible to argue that DoH constitutes a reason for not proceeding with Part 3, one must understand two further points.
First, even under DoH, ISPs still have the ability to determine which websites the user is visiting because not all aspects of the traffic are encrypted. As the well-respected online tech publication ZDNet states in an article on site blocking:
“ISPs know everything about everyone’s traffic anyway. By design, they can see to what IP address the user is connecting when accessing a website. This IP address can’t be hidden. Knowing the final IP destination reveals to what website a user is connecting, even if everything about his traffic is encrypted.”
Research has shown that a third-party can identify with 95% accuracy to which websites users were connecting, just by looking at the IP addresses. Secondly, if DoH constituted a major long-term challenge, which I do not believe it does, for the reasons I have set out, it is not relevant to our discussion today because we are talking about using Part 3 only as an interim measure between now and when the online harms Bill is ready.
Another government concern with the Digital Economy Act is that it is specific in naming internet service providers in the section relating to site blocking, so Ministers were told they will lack the power to ask a resolver service to block pornography websites which fail to implement age verification. The Minister argued this in her letter to the noble Baroness, Lady Benjamin, when writing that a reference to internet service providers or similar is usually applied in the traditional sense, requiring the major internet service providers to block access to certain websites. But looking in detail at this legislation, the definition of an ISP is not left to tradition but based explicitly on the European Union definition of an internet access service, which means
“a publicly available electronic communications service that provides access to the internet, and thereby connectivity to virtually all end points of the internet, irrespective of the network technology and terminal equipment used.”
Indeed, the Minister went on to accept as much, conceding that the department’s guidance to the regulator, coupled with the broader terminology of an internet access service used in EU legislation, may offer sufficient flexibility to extend the duty on internet service providers to cover other means of accessing the internet.
There is no credible technological reason why the Government could not implement Part 3 now as an interim measure. We would then have a regulator in place more quickly to take robust action against pornographic websites showing illegal extreme pornography that normalises rough sex practices and sexual aggression generally than if we just wait for the online harms Bill. In the context of current levels of concern about attacks
on women, the failure to deliver this protection as quickly as possible would be to fundamentally misread the moment and would let women down. I hope that when the Minister responds she will announce that the Government now recognise that they must implement Part 3 as quickly as possible as an interim measure.
11.45 pm