Suppose you pulled out your cellphone to post a picture to your favorite social network — let us call it Twinstabooktok — and were asked for a selfie before you could log on. The picture you submitted would not be sent anywhere, the service assured you. Instead, it would use state-of-the-art machine-learning techniques to work out your age. In all likelihood, once you have submitted the scan, you can continue on your merry way. If the service guessed wrong, you could appeal, although that might take a bit longer.
The upside of all of this is that the social network would be able to know that you were an adult user and provide you with an experience largely free of parental controls and paternalist moderation, while children who tried to sign up would be given a restricted version of the same experience.
Depending on your position, that might sound like a long-overdue corrective to the “Wild West” tech sector, or a hopelessly restrictive attempt to achieve an impossible end: a child-safe Internet. Either way, it is far closer to reality than many realize.
Illustration: Kevin Sheu
In China, gamers who want to log on to play mobile games after 10pm must prove their age, or be turned away, as the state tries to tackle gaming addiction.
“We will conduct a face screening for accounts registered with real names and which have played for a certain period of time at night,” Chinese gaming firm Tencent said on Tuesday last week. “Anyone who refuses or fails the face verification will be treated as a minor, as outlined in the anti-addiction supervision of Tencent’s game health system, and kicked offline.”
The same approach might be coming to the UK, where a series of government measures are about to come into force in rapid succession, potentially changing the Internet forever.
THE DOG PROBLEM
The fundamental problem with verifying the age of an Internet user is obvious enough: If, on the Internet, nobody knows you are a dog, then they certainly do not know you are 17 years old.
In the offline world, there are two main approaches to age verification. The first is some form of official ID. In the UK, that is often a driver’s license, while for children it might be any one of a few private-sector ID cards, such as CitizenCard or MyID Card. Those, in turn, are backed by a rigorous chain of proof-of-identity, usually leading back to a birth certificate — the final proof of age.
Just as important for the day-to-day functioning of society is the other approach: looking at people. There is no need for an ID card system to stop seven-year-olds sneaking into an 18-rated movie — it is so obvious that it does not even feel like age verification.
Proving your age with ID, it turns out, is a different thing online than offline, says Alec Muffett, an independent security researcher and former Open Rights Group director.
“Identity is a concept that is broadly misunderstood, especially online, because ‘identity’ actually means ‘relationship,’” he said. “We love to think in terms of identity meaning ‘credential,’ such as ‘passport’ or ‘driving license,’ but even in those circumstances we are actually talking about ‘bearer of passport’ and ‘British passport’ — both relationships — with the associated booklet acting as a hard-to-forge ‘pivot’ between the two relationships.”
In other words, even in the offline world, a proof of age is not simply a piece of paper that says: “I am over 18”; it is more like an entry in a complex nexus that says: “The issuer of this card has verified that the person pictured on the card is over 18 by checking with a relevant authority.”
Online, if you simply replicate the surface level of offline ID checks — flashing a card to someone who checks the date on it — you break that link between the relationships. It is no good proving you hold a valid driver’s license if you cannot also prove that you are the name on the license. If you do agree to that, then the site you are visiting would have a cast-iron record of who you are, when you visited, and what you did while you were there.
So in practice, age verification can become ID verification, which can in turn become “subjugated to cross-check and revocation from a cartel of third parties ... all gleefully rubbing their hands together at the monetization opportunities,” Muffet said.
Those fears have scuppered more than just attempts to build online proof-of-age systems.
From the defeat of national ID cards in the era of former British prime minister Tony Blair onward, the British people have been wary of anything that seems like a national database. Begin tracking people in a centralized system, they fear, and it is the first step on an inexorable decline toward a surveillance state. As the weight of legislation piles up, it seems inevitable that something will change soon.
The Digital Economy Act of 2017 was mostly a tidying-up piece of legislation, making tweaks to a number of issues raised since the passage of the much more wide-ranging 2010 act of the same name. One provision, part three of the act, was an attempt to do something that had never been done before, and introduce a requirement for online age verification.
The act was comparatively narrow in scope, applying only to commercial pornographic Web sites, but it required them to ensure that their users were 18 or older. The law did not specify how they were to do that, instead preferring to turn the task of finding an acceptable solution over to the private sector.
Proposals were dutifully suggested, from a “porn pass,” which users could buy in person from a newsagent and enter into the site at a later date, through algorithmic attempts to leverage credit card data and existing credit check services to do it automatically (with a less than stunning success rate).
Sites that were found to be providing commercial pornography to people younger than 18 would be fined up to 5 percent of their turnover, and the British Board of Film Classification was named as the expected regulator, drawing up the detailed regulations.
Nothing happened. The scheme was supposed to begin in 2018, but did not. In 2019, a rumored spring onset was missed, but the government did, two years after passage of the bill, set a date: July that year. Just days before the regulation was supposed to take effect, the government said it had failed to give notification to the European Commission and delayed the scheme further, “in the region of six months.” Then suddenly, in October 2019, as that deadline was again approaching, the scheme was killed for good.
The news saddened campaigners, such as Vanessa Morse, chief executive of the Centre to End All Sexual Exploitation (CEASE).
“It’s staggering that pornography sites do not yet have age verification,” she said. “The UK has an opportunity to be a leader in this, but because it’s prevaricated and kicked into the long grass, a lot of other countries have taken it over already.”
Morse argues that the lack of age-gating on the Internet is causing serious harm.
“The online commercial pornography industry is woefully unregulated. It’s had several decades to explode in terms of growth, and it’s barely been regulated at all. As a result, pornography sites do not distinguish between children and adult users. They are not neutral and they are not naive: They know that there are 1.4 million children visiting pornography sites every month in the UK,” she said.
“And 44 percent of boys aged between 11 and 16, who regularly view porn, said it gave them ideas about the type of sex they wanted to try. We know that the children’s consumption of online porn has been associated with a dramatic increase in child-on-child sexual abuse over the past few years. Child-on-child sexual abuse now constitutes about a third of all child sexual abuse. It’s huge,” she added.
Despite protestations from CEASE and others, the government shows no signs of resurrecting the porn block. Instead, its child-protection efforts have splintered across an array of different initiatives.
The online harms bill, a piece of legislation from the era of former British prime minister Theresa May, was revived by British Prime Minister Boris Johnson’s administration and finally presented in draft form in May: It calls for social media platforms to take action against “legal but harmful” content, such as that which promotes self-harm or suicide, and imposes requirements on them to protect children from inappropriate content.
Elsewhere, the government has given nonbinding “advice” to communications services on how to “improve the safety of your online platform.”
“You can also prevent end-to-end encryption for child accounts,” the advice reads in part, because it “makes it more difficult for you to identify illegal and harmful content occurring on private channels.”
Widely interpreted as part of a larger government push to have WhatsApp turn off its end-to-end encryption — long a bane of law enforcement, which resents the inability to easily intercept communications — the advice pushes for companies to recognize their child users and treat them differently.
A WIDE NET
Most immediate is the Age Appropriate Design code. Introduced in the Data Protection Act of 2018, which implemented the EU’s General Data Protection Regulation in the UK, the code sees the information commissioner’s office laying out a new standard for Internet companies that are “likely to be accessed by children.”
When it comes into force in September, the code would be comprehensive, covering everything from requirements for parental controls to restrictions on data collection and bans on “nudging” children to turn off privacy protections, but the key word is “likely.”
Some fear that in practice it would draw the net wide enough that the whole Internet would be required to declare itself “child friendly” — or to prove that it has blocked children.
The National Society for the Prevention of Cruelty to Children (NSPCC) is strongly in support of the code.
“Social networks should use age-assurance technology to recognize child users, and in turn ensure they are not served up inappropriate content by algorithms and are given greater protections, such as the most stringent privacy settings,” NSPCC senior child safety online policy officer Alison Trew said. “This technology must be flexible and adaptable to the varied platforms used by young people — now and to new sites in the future — so better safeguards for children’s rights to privacy and safety can be built in alongside privacy protections for all users.”
Because the code’s requirements are less rigorous than the porn block, providers are free to innovate a bit more. Take Yoti: The company provides a range of age verification services, partnering with CitizenCard to offer a digital version of its ID, and working with self-service supermarkets to experiment with automatic age recognition of individuals.
John Abbott, Yoti’s chief business officer, said that the system is already as good as a person at telling someone’s age from a video of them, and has been tested against a wide range of demographics — including age, race and gender — to ensure that it is not wildly miscategorizing any particular group.
The company’s most recent report claims that a “Challenge 21” policy — blocking people under the age of 18 by asking for strong proof of age from people who look younger than 21 — would catch 98 percent of 17-year-olds and 99.15 percent of 16-year-olds.
“It’s facial analysis, not facial recognition,” Yoti regulatory and policy director Julie Dawson said. “It’s not recognizing my face one-to-one, all it’s trying to work out is my age.”
That system, the company thinks, could be deployed at scale almost overnight, and for companies that simply need to prove that they are not “likely” to be accessed by children, it could be a compelling offer.
It is not, of course, something that would trouble a smart 14-year-old — or even just a regular 14-year-old with a phone and an older sibling willing to stand in for the selfie — but perhaps a bit of friction is better than none.
Local media reported earlier this month that the Chinese Nationalist Party (KMT) criticized President Tsai Ing-wen (蔡英文) for referring to China as a “neighboring country,” saying that this is no different from a “two-state” model and that it amounts to changing the cross-strait “status quo.” I find it quite impossible to understand why civilized Taiwan continues to tolerate the existence of such a deceitful group that believes its own lies. The relationship between Taiwan and China is the relationship between two countries, and neither has any jurisdiction over the other — this is the undeniable “status quo.” Those who believe in the
With the Taliban’s return to power in Afghanistan, China has remarketed its East Turkistan Islamic Movement (ETIM) concerns. Beijing urged the Taliban to make a clean break with the movement and asked the US to blacklist it again. While some are still debating whether the movement exists, it is not the core of the matter because its existence neither justifies China’s Uighur policy nor sheds light on its concerns after the withdrawal of the US from Afghanistan. Is China really worried, and if so, is it because of the movement? This question needs to be answered. When Chinese officials first acknowledged
On Thursday, China applied to join the Comprehensive and Progressive Trans-Pacific Partnership (CPTPP) — a regional economic organization whose 11 member countries have a combined GDP of US$11 trillion. That is less than China’s 2019 GDP of US$14.34 trillion, so why is China so eager to join? China says there are two main reasons: To consolidate its foreign trade and foreign investment base, and to fast-track economic and trade relations between China and member countries of the CPTPP free-trade area. China’s bilateral trade with these countries grew from US$78 billion in 2003 to US$685.1 billion last year, mostly because of China’s 2005
WASHINGTON [Special Commentary]: It is just a teensy-weensy change, a change of one little syllable. It is barely noticeable unless you’re watching really carefully: The Tai-“pei” Representative Office in Washington, D.C. (TECRO) could soon change its name — just ever so very slightly — to Tai-“wan” Representative Office. The office’s “TECRO” initials would remain the same. It will be only a symbolic change. London’s Financial Times reported last week that such a change may soon be coming. The timing was a bit awkward, though. The FT’s report came out on the very same day that Taiwan Foreign Minister Joseph Wu (吳釗燮)