This article is more than 1 year old
UK.gov threatens to make adults give credit card details for access to Facebook or TikTok
Age verification for large chunks of WWW to be mandatory
Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning.
Internet use age verification – first floated and then abandoned via the country's 2017 Digital Economy Act – will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.
Websites targeted by the government will be forced to submit to "a new legal duty" requiring them "to put robust checks in place to ensure their users are 18 years old or over."
Government messaging tried to suggest this would be imposed on dedicated pornographic websites.
Yet in the small print this morning's statement from the Department for Digital, Culture, Media and Sport (DCMS) said it would go further than the failed effort via the Digital Economy Act. That act "did not cover social media companies, where a considerable quantity of pornographic material is accessible, and which research suggests children use to access pornography."
The new focus on social media companies will impact Britons' ability to talk to friends and family on TikTok, Facebook, Twitter, Instagram, and potentially any other platform where users can post their own content.
DCMS's statement read: "If sites fail to act, the independent regulator Ofcom will be able fine them up to 10 per cent of their annual worldwide turnover or can block them from being accessible in the UK. Bosses of these websites could also be held criminally liable if they fail to cooperate with Ofcom."
Critics speak out against age verification, anti-encryption measures
Daniel Pryor, head of research at the Adam Smith Institute think tank, condemned this morning's announcement, saying in a statement: "The government seems determined to shaft civil liberties in its misguided crusade against pornography. Age verification is easily circumvented by any tech-savvy teen with a VPN."
"Adults would be forced to enter personal information like passport or credit card details – a gift to scammers – and would be left at greater risk of being caught with their pants down in the event of a data breach," he added – a warning that will resonate with many Reg readers.
Similarly the Open Rights Group launched a campaign condemning the government for its "decision to wage war" on encryption – a technology that will need to be halted and reversed for the Online Safety Bill's ambition to proactively scan social media posts to become a reality.
In an open letter, signatories including former MI5 intelligence officer Annie Machon, the Electronic Frontier Foundation, and the Open technology Institute stated: "Contrary to what the Home Office claims, leading cybersecurity experts conclude that even message scanning 'creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.' Backdoors create an entry point for hostile states, criminals and terrorists to gain access to highly sensitive information. Weakening encryption negatively impacts the global internet and means our private messages, sensitive banking information, personal photographs and privacy would be undermined."
- Well, well, well. Fancy that. UK.gov shelves planned pr0n block
- Campaigners warn of an 'algorithm-driven censorship' future if UK Online Safety Bill gets through Parliament
- Age verification biz claims no-payment model for 40% of Brits ahead of July pr0n ban
- There's NordVPN odd about this, right? Infosec types concerned over strange app traffic
Age verification – if at first you don't succeed...
Like money, personal data sticks to the fingers of whoever handles it. The UK government has promised that its favoured age verification providers will resist the temptation to exploit it, although many are unconvinced. And it isn't the first time these concerns have been raised.
Prior efforts for mandatory age verification controls were originally supposed to be inserted into Digital Economy Act but were abandoned in 2019 after more than one delay. At that time, the government had designated the British Board of Film Classification, rather than Ofcom, as the age verification regulator. In 2018, it estimated that legal challenges to implementing the age check rules could cost it up to £10m in the first year alone.
As we pointed out at the time, despite what lawmakers would like to believe – it's not a simple case of taking offline laws and applying them online. There are no end of technical and societal issues thrown up by asking people to submit personal details to third parties on the internet. However, privacy, technical and legal implications put paid to that project.
The newer effort, via the Online Safety Bill, will possibly fuel Britons' use of VPNs and workarounds, which is arguably equally as risky: free VPNs come with a lot of risks and even paid products may not always work as advertised.
DCMS's earlier plans on the Online Safety Bill to adjudicate content that it considered "legal but harmful", were slammed by critics, who argued that "the definitions of the content [social media companies] have to manage out of existence ... are vague, and set at a very low threshold."
Just yesterday, the US's Internal Revenue Service abandoned its plan to verify the identities of US taxpayers using a private contractor's facial recognition technology after both Democrats and Republicans actively opposed the deal.
The agency currently uses controversial private facial recognition service ID.me to verify IRS.gov accounts.
Oregon senator Ron Wyden opined of the move that "no one should be forced to submit to facial recognition to access critical government services" and that "privacy and security are not mutually exclusive." ®