Source: Internet Watch Foundation (IWF) published on this website Monday 20 January 2025 by Jill Powell

A new pilot scheme is showing how even the smallest platforms can help play their part in preventing the spread of child sexual abuse imagery online.

The Internet Watch Foundation (IWF) and cyber security company Cyacomb have launched a pilot programme which allows small platforms to benefit from world-leading tools to block and disrupt the spread of known Child Sexual Abuse Material.

Cyacomb Safety is a tool which allows platforms to match content their users upload or share against IWF lists of known child sexual abuse imagery without compromising their user’s privacy.

It gives smaller businesses and platforms, which may not have the infrastructure or the capacity to handle sensitive data a solution to make sure their users are kept safe, and that they are playing their part in preventing the spread of criminal child sexual abuse imagery. It will also help platforms become compliant with the Online Safety Act, which will come into effect for them in 2025.

Now Blipfoto, a community-owned and volunteer-run online photo journal and social networking service, has begun using Cyacomb’s tools.

Source: Ofcom published on this website Wednesday 16 January 2025 by Jill Powell

Children will be prevented from encountering online pornography and protected from other types of harmful content under Ofcom’s new industry guidance which sets out how we expect sites and apps to introduce highly effective age assurance.

Today’s decisions are the next step in Ofcom implementing the Online Safety Act and creating a safer life online for people in the UK, particularly children. It follows tough industry standards, announced last month, to tackle illegal content online, and comes ahead of broader protection of children measures which will launch in the Spring.

Robust age checks are a cornerstone of the Online Safety Act. It requires services which allow pornography or certain other types of harmful content to introduce ‘age assurance’ to ensure that children are not normally able to encounter it. Age assurance methods – which include age verification, age estimation or a combination of both – must be ‘highly effective’ at correctly determining whether a particular user is a child.

We have today published industry guidance on how we expect age assurance to be implemented in practice for it to be considered highly effective. Our approach is designed to be flexible, tech-neutral and future-proof. It also allows space for innovation in age assurance, which represents an important part of a wider safety tech sector where the UK is a global leader[2]. We expect the approach to be applied consistently across all parts of the online safety regime over time.

While providing strong protections to children, our approach also takes care to ensure that privacy rights are protected and that adults can still access legal pornography. As platforms take action to introduce age assurance over the next six months, adults will start to notice changes in how they access certain online services. Our evidence suggests that the vast majority of adults (80%) are broadly supportive of age assurance measures to prevent children from encountering online pornography.

What are online services required to do, and by when?

The Online Safety Act divides online services into different categories with distinct routes to implement age checks. However, the action we expect all of them to take starts from today:

• Requirement to carry out a children’s access assessment.  All user-to-user and search services – defined as ‘Part 3’ services – in scope of the Act, must carry out a children’s access assessment to establish if their service – or part of their service - is likely to be accessed by children. From today, these services have three months to complete their children’s access assessments, in line with our guidance, with a final deadline of 16 April. Unless they are already using highly effective age assurance and can evidence this, we anticipate that most of these services will need to conclude that they are likely to be accessed by children within the meaning of the Act. Services that fall into this category must comply with the children’s risk assessment duties and the children’s safety duties.
• Measures to protect children on social media and other user-to-user services. We will publish our Protection of Children Codes and children’s risk assessment guidance in April 2025. This means that services that are likely to be accessed by children will need to conduct a children’s risk assessment by July 2025 – that is, within three months. Following this, they will need to implement measures to protect children on their services, in line with our Protection of Children Codes to address the risks of harm identified. These measures may include introducing age checks to determine which of their users are under-18 and protect them from harmful content.
• Services that allow pornography must introduce processes to check the age of users: all services which allow pornography must have highly effective age assurance processes in place by July 2025 at the latest to protect children from encountering it. The Act imposes different deadlines on different types of providers. Services that publish their own pornographic content (defined as ‘Part 5 Services[6]) including certain Generative AI tools, must begin taking steps immediately to introduce robust age checks, in line with our published guidance. Services that allow user-generated pornographic content – which fall under ‘Part 3’ services – must have fully implemented age checks by July.

What does highly effective age assurance mean?

Our approach to highly effective age assurance and how we expect it to be implemented in practice applies consistently across three pieces of industry guidance, published today[5]. Our final position, in summary:

• confirms that any age-checking methods deployed by services must be technically accurate, robust, reliable and fair in order to be considered highly effective;
• sets out a non-exhaustive list of methods that we consider are capable of being highly effective. They include: open banking, photo ID matching, facial age estimation, mobile network operator age checks, credit card checks, digital identity services and email-based age estimation;
• confirms that methods including self-declaration of age and online payments which don’t require a person to be 18 are not highly effective;
• stipulates that pornographic content must not be visible to users before, or during, the process of completing an age check. Nor should services host or permit content that directs or encourages users to attempt to circumvent an age assurance process; and
• sets expectations that sites and apps consider the interests of all users when implementing age assurance – affording strong protection to children, while taking care that privacy rights are respected and adults can still access legal pornography.

We consider this approach will secure the best outcomes for the protection of children online in the early years of the Act being in force. While we have decided not to introduce numerical thresholds for highly effective age assurance at this stage (e.g. 99% accuracy), we acknowledge that numerical thresholds may complement our four criteria in the future, pending further developments in testing methodologies, industry standards, and independent research.

Opening a new enforcement programme

We expect all services to take a proactive approach to compliance and meet their respective implementation deadlines. Today Ofcom is opening an age assurance enforcement programme, focusing our attention first on Part 5 services thatdisplay or publish their own pornographic content.

We will contact a range of adult services – large and small – to advise them of their new obligations. We will not hesitate to take action and launch investigations against services that do not engage or ultimately comply.

Source: Crown Prosecution Service (CPS) published on this website Friday 17 January 2025 by Jill Powell

A former surgeon has been jailed for a combined total of more than five and-a-half years (67 months) today (Wednesday 15 January) at Inner London Crown Court having admitted assault occasioning actual bodily harm, child cruelty and administering a prescription only medicine to several young and vulnerable patients whilst ignoring basic hygiene rules and performing non-therapeutic male circumcision whilst ignoring basic hygiene rules and performing non-therapeutic male circumcisions.

Dr Mohammad Siddiqui, 58, from Birmingham pleaded guilty at Southwark Crown Court on 29 October 2024 to a total of 25 offences which included, 11 counts of actual bodily harm, 6 counts of cruelty to a child and 8 counts of administering prescription only medicines contrary to the law. The prosecution was brought because of the methods Siddiqui used which showed a complete disregard to patient health, safety and comfort in private residences between 2014 and 2018.

Between June 2012 and November 2013, Dr Siddiqui provided a private mobile circumcision service whilst working asclinical fellow in paediatric surgery at University Hospital Southampton NHS Foundation Trust. In this capacity he was able to source the anaesthetic Bupivacaine Hydrochloride which is a prescription only medication.

In 2015 Siddiqui was ‘struck off’ the General Medical Council Register after a panel of the Medical Practitioners Tribunal Service found him guilty of failures in performing non-therapeutic male circumcisions in the homes of four babies.

Despite having been ‘struck off’, Dr Siddiqui continued to promote and provide a mobile circumcision service. No longer being considered a ‘Health Care Professional’ he was able to do so because non-therapeutic male circumcision is unregulated with no requirement to be carried out by a medical practitioner. Dr Siddiqui continued to use Bupivacaine Hydrochloride and carry out circumcisions in unsafe, unsanitary and harmful ways. He advertised his services across the United Kingdom and by appointment performed non-therapeutic male circumcisions on young patients up to the age of 14 in their homes.

A serious organised crime prevention order was granted after being sought by the Crown Prosecution Service, which would prevent Dr Siddiqui from undertaking non-therapeutic circumcision following his release from custody. Without such an order or any license provision he could engage in these activities. For this reason, the order would be significant to safeguard children in the future.  

Source: Action Fraud published on this website Wednesday 15 January 2025 by Jill Powell

Those using the platform Booking.com to book their holidays or accommodation are being warned they could be targeted with emails or messages requesting payments from hotels who have had their account taken over by fraudsters. Between June 2023 and September 2024, Action Fraud received 532 reports from individuals, with a total of £370,000 lost.

Insight from Action Fraud reports suggests the individuals were defrauded after receiving unexpected messages and emails from a Booking.com account belonging to a hotel they had a reservation with, which had been taken over by a criminal. Using this account, the criminals send in-app messages, emails, and WhatsApp messages to customers, deceiving them into making payment and/or requesting credit card details.

The specific account takeovers are likely to be the result of a targeted phishing attack against the hotel or accommodation provider, and not Booking.com’s backend system or infrastructure.

Booking.com and Action Fraud are providing the following advice on how to spot signs of fraud and protect your Booking.com account:

• No legitimate Booking.com transaction will ever require a customer to provide their credit card details by phone, email, or text message (including WhatsApp).
  • Sometimes a hotel provider will manage their own payment and may reach out to request payment information, like credit card details – before providing any information, always verify the authenticity of communication between yourself and the hotel’s account.
• If you receive any urgent payment requests that require immediate attention, like a booking cancellation, immediately reach out to the Booking.com Customer Service team via the details on the official Booking.com website and/or app to confirm.
  • Any payment requests that do not match the information in the original booking confirmation should also be double checked and confirmed with Booking.com Customer Service before proceeding. 
• Any messages purporting to be from Booking.com that contain instructions to follow links and/or open/download files should be treated with caution.
  • If you have any doubts about a message, contact Booking.com directly. Don’t use the numbers or address in the suspicious message and use the details from their official website.
• For more information about how to protect your Booking.com account, please visit: Safety Tips for Travellers | Booking.com

If you receive any suspicious emails or text messages, report them by forwarding emails to: report@phishing.gov.uk, or texts to 7726.

Find out how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk

If you’ve lost money or provided financial information as a result of any phishing scam, notify your bank immediately and report it to Action Fraud at  https://www.actionfraud.police.uk/report-phishing or by calling 0300 123 2040. In Scotland, call Police Scotland on 101.