The advocates of enforced age verification promise safe and secure technologies that protect user privacy.
Age verification mechanisms have, they insist, developed sufficiently, users need not fear, and skeptics’ arguments are relics of a bygone time. The newest security protocols, they argue, have rendered the privacy and cybersecurity concerns once attached to age verification outdated.
But promises of what can, theoretically, be done by public policy often founder when implemented — when practical, technological, and human constraints mount a counteroffensive against the best-laid plans of academics’ white papers.
If privacy is to be forfeited, the citizenry can demand evidence that their sacrifice will yield significant benefits, but the data provided so far gives little assurance.
The claims of robust security can be dispensed with: Age verification services routinely succumb to hacks, data breaches, leaks, and sloppy data-management practices. These failures publicize users’ government-issued documentation and other personal information.
The latest case study from the European Union lends no assistance to the advocates of age verification.
Only hours after Ursula von der Leyen, the president of the European Commission, announced the EU’s new age verification platform, soon to be made available — and mandatory — to the continent, the app proved rotten.
Security consultant Paul Moore, as reported by Politico, claimed to have hacked the app in under two minutes. He found in the application myriad deficiencies, including one that enabled users to evade the verification process altogether. The EU repaired its code, but Moore quickly dismantled the updates.
The EU has stumbled, joining a lengthy list of compromised verification platforms. Count among their number Outabox, AU10TIX, and two third parties employed by Discord. Add to these a breach of IDMerit, which alone compromised 1 billion records of personal data.
In March, hundreds of security and privacy academics signed a letter “call[ing] for a moratorium on [age verification] deployment plans” — at least “until the scientific consensus settles on the benefits and harms” of the technologies in question.
The manifest dangers of age verifications remain unresolved, even as regulators rush to enact mandates that would precondition access to everyday digital services on the user’s willingness to give up sensitive information about himself to vulnerable digital databases.
“Two critical issues have not been addressed: whether age assurance is efficacious and what the potential damages to general security and privacy are,” the letter reads.
Besides the privacy failings, the letter raises another inconvenient question: the efficacy of age-verification regimes. If privacy is to be forfeited, the citizenry can demand evidence that their sacrifice will yield significant benefits, but the data provided so far gives little assurance.
RELATED: The FBI should get a warrant before reading your messages
J. David Ake/Getty Images
The implementation of the Online Safety Act in the United Kingdom was met with a rush of British users resorting to virtual private networks, which allowed them to circumvent the age verification process.
Australia attempted to bar minors from major social media platforms, instituting age verification to effect the mandate. And yet, according to the findings of the Molly Rose Foundation, “three fifths (61%) of [12- to 15-year-olds] who previously held accounts on restricted platforms continue to have access to one or more active accounts.” Moreover, seven in 10 children called it “easy” to dodge the law.
Children are by nature troublemakers and hell-raisers. They carry these qualities — at once endearing and enraging — into the digital world. The government cannot ensure that children remain safe online, because it cannot love or know children as parents can, nor can it monitor children’s operations in the digital world.
Age verification is sold to credulous legislators as the one-size-fits-all fix for a world populated by innumerable young people, diverse in their abilities, proclivities, desires, and weaknesses. As extant age verification mandates demonstrate, noncompliance is, quite literally, at the fingertips of minors enterprising enough to best the regulatory requirements they confront.
No government knows enough about any given child or what he does every day to parry his every thrust. Once more, the responsibility comes home to parents, who must raise and protect their children as vigorously in the digital world as in the physical one.
From one vantage, it seems logical to support enforced age verification. But the technological and human facts of the case reveal the policy’s manifest dangers and scant chances of success.
Traditional child-protection standards lodge primary responsibility for children’s formation and well-being in the family — with parents. The digital world is novel, but human nature is eternal. Even in the digital world, the remedy is to be found at kitchen tables, not in legislatures.
Read the full article here
