As US, UK Embrace ‘Age Verify Everyone!’ French Data Protection Agency Says Age Verification Is Unreliable And Violates Privacy Rights
from the privacy-or-age-verification:-pick-one dept
We keep seeing it show up in a variety of places: laws to “protect the children” that, fundamentally begin with age verification to figure out who is a child (and then layering in a ton of often questionable requirements for how to deal with those identified as children). We have the Online Safety Bill in the UK. We have California’s Age Appropriate Design Code, which a bunch of states are rushing to emulate in their own legislatures. In Congress, there is the Kids Online Safety Act.
All of these, in the name of “protecting the children,” include elements that effectively require sites to use age verification technology. We’ve already spent many, many words explaining how age verification technology is inherently dangerous and actually puts children at greater risk. Not to mention it’s a privacy nightmare that normalizes the idea of mass surveillance, especially for children.
But, why take our word for it?
The French data protection agency, CNIL, has declared that no age verification technology in existence can be deemed as safe and not dangerous to privacy rights.
Now, there are many things that I disagree with CNIL about, especially its views that the censorial “right to be forgotten in the EU” should be applied globally. But one thing we likely agree on is that CNIL does not fuck around when it comes to data protection stuff. CNIL is generally seen as the most aggressive and most thorough in its data protection/data privacy work. Being on the wrong side of CNIL is a dangerous place for any company to be.
So I’d take it seriously when CNIL effectively notes that all age verification is a privacy nightmare, especially for children:
The CNIL has analysed several existing solutions for online age verification, checking whether they have the following properties: sufficiently reliable verification, complete coverage of the population and respect for the protection of individuals’ data and privacy and their security.
The CNIL finds that there is currently no solution that satisfactorily meets these three requirements.
Basically, CNIL found that all existing age verification techniques are unreliable, easily bypassed, and are horrible regarding privacy.
Despite this, CNIL seems oddly optimistic that just by nerding harder, perhaps future solutions will magically work. However, it does go through the weaknesses and problems of the various offerings being pushed today as solutions. For example, you may recall that when I called out the dangers of the age verification in California’s Age Appropriate Design Code, a trade group representing age verification companies reached out to me to let me know there was nothing to worry about, because they’d just scan everyone’s faces to visit websites. CNIL points out some, um, issues with this:
The use of such systems, because of their intrusive aspect (access to the camera on the user’s device during an initial enrolment with a third party, or a one-off verification by the same third party, which may be the source of blackmail via the webcam when accessing a pornographic site is requested), as well as because of the margin of error inherent in any statistical evaluation, should imperatively be conditional upon compliance with operating, reliability and performance standards. Such requirements should be independently verified.
This type of method must also be implemented by a trusted third party respecting precise specifications, particularly concerning access to pornographic sites. Thus, an age estimate performed locally on the user’s terminal should be preferred in order to minimise the risk of data leakage. In the absence of such a framework, this method should not be deployed.
Every other verification technique seems to similarly raise questions about effectiveness and how protective (or, well, how not protective it is of privacy rights).
So… why isn’t this raising alarm bells among the various legislatures and children’s advocates (many of whom also claim to be privacy advocates) who are pushing for these laws?
Filed Under: ab 2273, age appropriate design code, age verification, cnil, facial recognition, kosa, online safety bill
Comments on “As US, UK Embrace ‘Age Verify Everyone!’ French Data Protection Agency Says Age Verification Is Unreliable And Violates Privacy Rights”
Because the thought of children accessing porn is causing those pushing for the legislation more damage than that caused to a child who accesses a porn site.
No: it’s because they would be accused of being “against stopping children from accessing porn” in the next election cycle, regardless of how valid their reasons for voting down the latest poorly thought out measure might be.
As i said, damage to adults, where destroying everybodies including children’s privacy to create the appearance of doing something is more important than getting parents to use the available tools to protect their own children. Note, that in the UK,actual porn is blocked by ISP’s unless the account holder requests that it is removed, along with an age check.
The common theme with politicians on both sides of the pond is that it’s more important for them to be seen “doing something” about a problem than it is for them to do something that’s workable, effective or realistic. They get bonus points for “doing something” when they can also say it’s “for the children” because they can pretend that anyone who opposes their “plans” hates children or supports paedophiles.
So, what you get is a bunch of nonsense that either cannot be implemented without causing huge problems for everyone else, or is simply impossible to actually implement, but by the time the depressingly obvious results of their harebrained scheme are visible, they already won their votes, scammed a bunch of people for personal profit, and are now crowing on about the next thing they have to do – for the children…
The only ways out of this are a more educated voting public who can see through the obvious lies, or removing the ways in which politicians can personally profit from their legislation and general term in office, and I’m not seeing any sign that either of these things will happen in my lifetime.
Re: Re: Re:
Plus politicians do not listen to reasonable people,but rather those who shout the loudest, and gain the most headlines.
Re: Re: Re:2
Are you on some kind of drugs?? Politicians “listen” to only one thing – money. Everything else is secondary to them.
Unless you meant “shout the loudest equals gives the most money”, then I apologize.
So what if I’m an adult predator that wants to access a “children’s” site?
Fundamentally, this resembles DRM — you have some, presumably open protocol with an endpoint on it you cannot trust and increasingly good tools for generating realistic video. Age determination over the internet alone is essentially impossible.
AV is so unworkable that it is likely to collapse under its own weight just look at the UK last age verification law that was delayed over and over again until it was quietly scraped.
Took me a second to figure out that by AV you meant “age verification” instead of “adult video”
Its not like having an AOL-type service for “kids” would not resolve any “non-issues” about age verification.
Get those whipper snappers on their own walled-garden network and laugh at how there are no issues with kids on the Internet.
Each domestic government has an easy solution using basic language. Tell those rude people to stop taking their babies to the bar (an analogy).
The problem is the people who make laws dont understand how the internet works, the risks of collection of data on children,people under the age of 18, most dont have credit cards, once you start collecting data who has acess to it, can it be made secure from hackers ,will it be used for ad tracking, the uk gave up on making internet ids because its very difficult and it creates a risk
to public privacy.
You want age verification, bunky? See Leisure Suit Larry by Al Lowe, first published by Sierra Games in 1987.
That always made me laugh, if only because the questions were so US-centric it was sometimes impossible for people who bought the game in the UK to run the game the first time because the obscure (to us) things they were asking questions about were as unknown to adults as they were children.
i challenge the age-verification crowd to prove that such a thing is even logically possible in vacuo before pushing for it.
i don’t think they can.
Déjà vu::Reno v ACLU
Didn’t Reno v ACLU also point out some shortcomings of other methods of age verification?
Yes. But I’ve heard some argue that in Reno SCOTUS effectively said the tech wasn’t reliable, so some people feel that it would be decided otherwise today because (they claim!) the tech is more reliable.
Also, very different court composition.
Re: Re: Yes, and...
That decision also suggested that parental controls were a better (more speech-protective) option. For some reason, the “what about the children?!” camp isn’t embracing that tech…
Nanny state act is getting tiresome.
THE INTERNET IS NOT FOR CHILDREN!!!
THE INTERNET IS NOT FOR CHILDREN!!! End of story.
Just let ISPs verify every customers age once when signing the contract and prohibit the ISPs from selling to children. That way every internet user can be assumed to either be an adult or be supervised by an adult.
(Yes, there will be parents that just buy internet access for their kids and leave them unsupervised. These parents are just as irresponsible as parents who buy their kids bottles of vodka and leave them alone in a brothel.)
That assumes every person on the Internet uses a mobile device on their own account, and not a common pipe, like Broadband.
Re: Re: Re:
And just who do you think contacts for broadband, and phone accounts for minor children? It’s their parents, so you are suggesting doing something that is no change to reality.
Once the facilities are there for children only devices and networks, they (politicians) cannot exploit children any longer.
I made the comment of an AOL-type walled garden, but custom roms for mobile can exist as well, limiting access to the adult content on the Internet. Its just a VPN client to the resource of choice, without having DNS access to the Internet as a whole.
1st world countries can shelve the irresponsible parenting and never hear another word about it.
Re: Re: Re:
Custom roms? Apparently you haven’t yet heard of burner phones that any child can buy, just like any adult.
Re: Re: Re:2
Sounds legit to me. Having the facilities in place removes the fictitious burdens of kids on the Internet. Kids will be kids.
With all of the phones that are no longer supported, custom roms to “children approved content networks” (no adult content) is two middle fingers with one stone.
Have you laughed that kids get obsolete phones with no security updates anyways? On the Internet, its just slumming kids anyways.
Technology already had an answer to prevent mixing with kids.
So you agree that fascists homophobes and transphobes get there way?