UK.gov threatens to make adults give credit card details for access to Facebook or TikTok

Age verification for large chunks of WWW to be mandatory


Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning.

Internet use age verification – first floated and then abandoned via the country's 2017 Digital Economy Act – will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.

Websites targeted by the government will be forced to submit to "a new legal duty" requiring them "to put robust checks in place to ensure their users are 18 years old or over."

Government messaging tried to suggest this would be imposed on dedicated pornographic websites.

Yet in the small print this morning's statement from the Department for Digital, Culture, Media and Sport (DCMS) said it would go further than the failed effort via the Digital Economy Act. That act "did not cover social media companies, where a considerable quantity of pornographic material is accessible, and which research suggests children use to access pornography."

The new focus on social media companies will impact Britons' ability to talk to friends and family on TikTok, Facebook, Twitter, Instagram, and potentially any other platform where users can post their own content.

DCMS's statement read: "If sites fail to act, the independent regulator Ofcom will be able fine them up to 10 per cent of their annual worldwide turnover or can block them from being accessible in the UK. Bosses of these websites could also be held criminally liable if they fail to cooperate with Ofcom."

Critics speak out against age verification, anti-encryption measures

Daniel Pryor, head of research at the Adam Smith Institute think tank, condemned this morning's announcement, saying in a statement: "The government seems determined to shaft civil liberties in its misguided crusade against pornography. Age verification is easily circumvented by any tech-savvy teen with a VPN."

"Adults would be forced to enter personal information like passport or credit card details – a gift to scammers – and would be left at greater risk of being caught with their pants down in the event of a data breach," he added – a warning that will resonate with many Reg readers.

Similarly the Open Rights Group launched a campaign condemning the government for its "decision to wage war" on encryption – a technology that will need to be halted and reversed for the Online Safety Bill's ambition to proactively scan social media posts to become a reality.

In an open letter, signatories including former MI5 intelligence officer Annie Machon, the Electronic Frontier Foundation, and the Open technology Institute stated: "Contrary to what the Home Office claims, leading cybersecurity experts conclude that even message scanning 'creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.' Backdoors create an entry point for hostile states, criminals and terrorists to gain access to highly sensitive information. Weakening encryption negatively impacts the global internet and means our private messages, sensitive banking information, personal photographs and privacy would be undermined."

Age verification – if at first you don't succeed...

Like money, personal data sticks to the fingers of whoever handles it. The UK government has promised that its favoured age verification providers will resist the temptation to exploit it, although many are unconvinced. And it isn't the first time these concerns have been raised.

Prior efforts for mandatory age verification controls were originally supposed to be inserted into Digital Economy Act but were abandoned in 2019 after more than one delay. At that time, the government had designated the British Board of Film Classification, rather than Ofcom, as the age verification regulator. In 2018, it estimated that legal challenges to implementing the age check rules could cost it up to £10m in the first year alone.

As we pointed out at the time, despite what lawmakers would like to believe – it's not a simple case of taking offline laws and applying them online. There are no end of technical and societal issues thrown up by asking people to submit personal details to third parties on the internet. However, privacy, technical and legal implications put paid to that project.

The newer effort, via the Online Safety Bill, will possibly fuel Britons' use of VPNs and workarounds, which is arguably equally as risky: free VPNs come with a lot of risks and even paid products may not always work as advertised.

DCMS's earlier plans on the Online Safety Bill to adjudicate content that it considered "legal but harmful", were slammed by critics, who argued that "the definitions of the content [social media companies] have to manage out of existence ... are vague, and set at a very low threshold."

Just yesterday, the US's Internal Revenue Service abandoned its plan to verify the identities of US taxpayers using a private contractor's facial recognition technology after both Democrats and Republicans actively opposed the deal.

The agency currently uses controversial private facial recognition service ID.me to verify IRS.gov accounts.

Oregon senator Ron Wyden opined of the move that "no one should be forced to submit to facial recognition to access critical government services" and that "privacy and security are not mutually exclusive." ®


Other stories you might like

  • Will this be one of the world's first RISC-V laptops?
    A sneak peek at a notebook that could be revealed this year

    Pic As Apple and Qualcomm push for more Arm adoption in the notebook space, we have come across a photo of what could become one of the world's first laptops to use the open-source RISC-V instruction set architecture.

    In an interview with The Register, Calista Redmond, CEO of RISC-V International, signaled we will see a RISC-V laptop revealed sometime this year as the ISA's governing body works to garner more financial and development support from large companies.

    It turns out Philipp Tomsich, chair of RISC-V International's software committee, dangled a photo of what could likely be the laptop in question earlier this month in front of RISC-V Week attendees in Paris.

    Continue reading
  • Did ID.me hoodwink Americans with IRS facial-recognition tech, senators ask
    Biz tells us: Won't someone please think of the ... fraud we've stopped

    Democrat senators want the FTC to investigate "evidence of deceptive statements" made by ID.me regarding the facial-recognition technology it controversially built for Uncle Sam.

    ID.me made headlines this year when the IRS said US taxpayers would have to enroll in the startup's facial-recognition system to access their tax records in the future. After a public backlash, the IRS reconsidered its plans, and said taxpayers could choose non-biometric methods to verify their identity with the agency online.

    Just before the IRS controversy, ID.me said it uses one-to-one face comparisons. "Our one-to-one face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use one-to-many facial recognition, which is more complex and problematic. Further, privacy is core to our mission and we do not sell the personal information of our users," it said in January.

    Continue reading
  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading

Biting the hand that feeds IT © 1998–2022