Suppose you pulled out your cellphone to post a picture to your favorite social network — let us call it Twinstabooktok — and were asked for a selfie before you could log on. The picture you submitted would not be sent anywhere, the service assured you. Instead, it would use state-of-the-art machine-learning techniques to work out your age. In all likelihood, once you had submitted the scan, you could continue on your merry way. If the service guessed wrong, you could appeal, although that might take a bit longer.
The upside of all of this is that the social network would be able to know that you were an adult user and provide you with an experience largely free of parental controls and paternalist moderation, while children who tried to sign up would be given a restricted version of the same experience.
Depending on your position, that might sound like a long-overdue corrective to the “Wild West” tech sector, or a hopelessly restrictive attempt to achieve an impossible end: a child-safe Internet. Either way, it is far closer to reality than many realize.
Illustration: Kevin Sheu
In China, gamers who want to log on to play mobile games after 10pm must prove their age, or be turned away, as the state tries to tackle gaming addiction.
“We will conduct a face screening for accounts registered with real names and which have played for a certain period of time at night,” Chinese gaming firm Tencent said on Tuesday last week. “Anyone who refuses or fails the face verification will be treated as a minor, as outlined in the anti-addiction supervision of Tencent’s game health system, and kicked offline.”
The same approach might be coming to the UK, where a series of government measures are about to come into force in rapid succession, potentially changing the Internet forever.
THE DOG PROBLEM
The fundamental problem with verifying the age of an Internet user is obvious enough: If, on the Internet, nobody knows you are a dog, then they certainly do not know you are 17 years old.
In the offline world, there are two main approaches to age verification. The first is some form of official ID. In the UK, that is often a driver’s license, while for children it might be any one of a few private-sector ID cards, such as CitizenCard or MyID Card. Those, in turn, are backed by a rigorous chain of proof-of-identity, usually leading back to a birth certificate — the final proof of age.
Just as important for the day-to-day functioning of society is the other approach: looking at people. There is no need for an ID card system to stop seven-year-olds sneaking into an 18-rated movie — it is so obvious that it does not even feel like age verification.
Proving your age with ID, it turns out, is a different thing online than offline, says Alec Muffett, an independent security researcher and former Open Rights Group director.
“Identity is a concept that is broadly misunderstood, especially online, because ‘identity’ actually means ‘relationship,’” he said. “We love to think in terms of identity meaning ‘credential,’ such as ‘passport’ or ‘driving license,’ but even in those circumstances we are actually talking about ‘bearer of passport’ and ‘British passport’ — both relationships — with the associated booklet acting as a hard-to-forge ‘pivot’ between the two relationships.”
In other words, even in the offline world, a proof of age is not simply a piece of paper that says: “I am over 18”; it is more like an entry in a complex nexus that says: “The issuer of this card has verified that the person pictured on the card is over 18 by checking with a relevant authority.”
Online, if you simply replicate the surface level of offline ID checks — flashing a card to someone who checks the date on it — you break that link between the relationships. It is no good proving you hold a valid driver’s license if you cannot also prove that you are the name on the license. If you do agree to that, then the site you are visiting would have a cast-iron record of who you are, when you visited, and what you did while you were there.
SURVEILLANCE FEARS
So in practice, age verification can become ID verification, which can in turn become “subjugated to cross-check and revocation from a cartel of third parties ... all gleefully rubbing their hands together at the monetization opportunities,” Muffett said.
Those fears have scuppered more than just attempts to build online proof-of-age systems.
From the defeat of national ID cards in the era of former British prime minister Tony Blair onward, the British people have been wary of anything that seems like a national database. Begin tracking people in a centralized system, they fear, and it is the first step on an inexorable decline toward a surveillance state. As the weight of legislation piles up, it seems inevitable that something will change soon.
The Digital Economy Act of 2017 was mostly a tidying-up piece of legislation, making tweaks to a number of issues raised since the passage of the much more wide-ranging 2010 act of the same name. One provision, part three of the act, was an attempt to do something that had never been done before, and introduce a requirement for online age verification.
The act was comparatively narrow in scope, applying only to commercial pornographic Web sites, but it required them to ensure that their users were 18 or older. The law did not specify how they were to do that, instead preferring to turn the task of finding an acceptable solution over to the private sector.
Proposals were dutifully suggested, from a “porn pass,” which users could buy in person from a newsagent and enter into the site at a later date, through algorithmic attempts to leverage credit card data and existing credit check services to do it automatically (with a less than stunning success rate).
Sites that were found to be providing commercial pornography to people younger than 18 would be fined up to 5 percent of their turnover, and the British Board of Film Classification was named as the expected regulator, drawing up the detailed regulations.
Nothing happened. The scheme was supposed to begin in 2018, but did not. In 2019, a rumored spring onset was missed, but the government did, two years after passage of the bill, set a date: July that year. Just days before the regulation was supposed to take effect, the government said it had failed to give notification to the European Commission and delayed the scheme further, “in the region of six months.” Then suddenly, in October 2019, as that deadline was again approaching, the scheme was killed for good.
‘WOEFULLY UNREGULATED’
The news saddened campaigners, such as Vanessa Morse, chief executive of the Centre to End All Sexual Exploitation (CEASE).
“It’s staggering that pornography sites do not yet have age verification,” she said. “The UK has an opportunity to be a leader in this, but because it’s prevaricated and kicked into the long grass, a lot of other countries have taken it over already.”
Morse argues that the lack of age-gating on the Internet is causing serious harm.
“The online commercial pornography industry is woefully unregulated. It’s had several decades to explode in terms of growth, and it’s barely been regulated at all. As a result, pornography sites do not distinguish between children and adult users. They are not neutral and they are not naive: They know that there are 1.4 million children visiting pornography sites every month in the UK,” she said.
“And 44 percent of boys aged between 11 and 16, who regularly view porn, said it gave them ideas about the type of sex they wanted to try. We know that the children’s consumption of online porn has been associated with a dramatic increase in child-on-child sexual abuse over the past few years. Child-on-child sexual abuse now constitutes about a third of all child sexual abuse. It’s huge,” she added.
Despite protestations from CEASE and others, the government shows no signs of resurrecting the porn block. Instead, its child-protection efforts have splintered across an array of different initiatives.
The online harms bill, a piece of legislation from the era of former British prime minister Theresa May, was revived by British Prime Minister Boris Johnson’s administration and finally presented in draft form in May: It calls for social media platforms to take action against “legal but harmful” content, such as that which promotes self-harm or suicide, and imposes requirements on them to protect children from inappropriate content.
Elsewhere, the government has given nonbinding “advice” to communications services on how to “improve the safety of your online platform.”
“You can also prevent end-to-end encryption for child accounts,” the advice reads in part, because it “makes it more difficult for you to identify illegal and harmful content occurring on private channels.”
Widely interpreted as part of a larger government push to have WhatsApp turn off its end-to-end encryption — long a bane of law enforcement, which resents the inability to easily intercept communications — the advice pushes for companies to recognize their child users and treat them differently.
A WIDE NET
Most immediate is the Age Appropriate Design code. Introduced in the Data Protection Act of 2018, which implemented the EU’s General Data Protection Regulation in the UK, the code sees the information commissioner’s office laying out a new standard for Internet companies that are “likely to be accessed by children.”
When it comes into force in September, the code would be comprehensive, covering everything from requirements for parental controls to restrictions on data collection and bans on “nudging” children to turn off privacy protections, but the key word is “likely.”
Some fear that in practice it would draw the net wide enough that the whole Internet would be required to declare itself “child friendly” — or to prove that it has blocked children.
The National Society for the Prevention of Cruelty to Children (NSPCC) is strongly in support of the code.
“Social networks should use age-assurance technology to recognize child users, and in turn ensure they are not served up inappropriate content by algorithms and are given greater protections, such as the most stringent privacy settings,” NSPCC senior child safety online policy officer Alison Trew said. “This technology must be flexible and adaptable to the varied platforms used by young people — now and to new sites in the future — so better safeguards for children’s rights to privacy and safety can be built in alongside privacy protections for all users.”
Because the code’s requirements are less rigorous than the porn block, providers are free to innovate a bit more. Take Yoti: The company provides a range of age verification services, partnering with CitizenCard to offer a digital version of its ID, and working with self-service supermarkets to experiment with automatic age recognition of individuals.
John Abbott, Yoti’s chief business officer, said that the system is already as good as a person at telling someone’s age from a video of them, and has been tested against a wide range of demographics — including age, race and gender — to ensure that it is not wildly miscategorizing any particular group.
NOT RECOGNITION
The company’s most recent report claims that a “Challenge 21” policy — blocking people under the age of 18 by asking for strong proof of age from people who look younger than 21 — would catch 98 percent of 17-year-olds and 99.15 percent of 16-year-olds.
“It’s facial analysis, not facial recognition,” Yoti regulatory and policy director Julie Dawson said. “It’s not recognizing my face one-to-one, all it’s trying to work out is my age.”
That system, the company thinks, could be deployed at scale almost overnight, and for companies that simply need to prove that they are not “likely” to be accessed by children, it could be a compelling offer.
It is not, of course, something that would trouble a smart 14-year-old — or even just a regular 14-year-old with a phone and an older sibling willing to stand in for the selfie — but perhaps a bit of friction is better than none.