Publication of new figures by the (ISC)² Foundation's Safe and Secure Online programme showing that a third of under 18s admitted to lying about their age to sign up to social media sites has led to renewed calls for independent registration of ID to verify age before allowing access to such sites.
In fact GBGroup Managing director John Lord, suggested, “Ideally it should be compulsory, to create a level playing field between online and physical retailers,” noting how retailers proving adult content to minors are subject to £5k fines or six months in prison, whereas there is no sanction online.
The (ISC)² figures result from a survey of 1,162 UK school pupils which found that among respondents who claimed they are active on social media, 32 per cent said they were two to six years older than their actual age and one in ten claimed that they were five to nine years older. Facebook has to abide by a legal minimum age of 13 to hold and process data in the US. Additionally, eight per cent were using accounts which said they were aged between 18 and 25.
While Lord accepted that people should have a right to anonymity on the internet, his view is that if something goes wrong, there should be some way to get back to the source, hence advocating a global form of verification on the internet. “Are the rights of protecting anonymity more important than preventing crimes against minors?” he asks.
Lord accepts that as a vendor of identity verification, he has a vested interest, but insists that the analogy with real world retailers is valid, rejecting the claim by online entities arguing that they can't meet similar compliance because its not possible, insisting that it is. Government token-based access systems are cited as one model used for over 18s needing verification to access government records, with under 18s having their age vouched for by verified adult. But then such a system would also want over 18s verified to avoid them going into age-inappropriate sites. Verification would be one-time at registration, then used at the source of an application rather than a device or ISP. The retailer would then have recourse to the parent or guardian who sponsored the child if they are responsible for allowing access, whereas currently the site has to take responsibility.
“We have the technology. It can be done and it should be done, to create a level playing field between real world and web based age-related content,” concludes Lord.
While it is claimed that the token/id is being used without the application needing to know who the user is, the fact is it can be traced. Countries such as Germany include the right to be anonymous online, thus global uptake will be difficult to achieve. Then comes the issue of providers taking advantage of the system to glean further details at registration for marketing purposes. Yes, there would be an appeals process for those who object to how their data is used, but many would prefer not to get engaged in such a system at the outset.
Commentators such as Raj Samani, VP, EMEA Chief Technology Officer, McAfee who is also a member of the Advisory Group on Internet Security at the EUROPOL CyberCrime Centre, and a strong supporter of moves to protect children online, agreed that this system was technically possible, but questioned whether this approach was viable given the barriers to adoption.
Jim Killock, Executive Director at the Open Rights Group went further, questioning both the viability and the advisability of such a move, telling SC Magazine: “These approaches have been tried before and never been practical. When Germany required pornography in the country to only be accessed by Germans whose age was verified, the sites relocated abroad or closed down. You are not able to control sites outside your territory.”
The logical conclusion of registering ids for adults with children to be able to authorise children, and registering adults without children to be able to exclude them, says Killock, is that, “Everyone ends up registered. People have a right to information and removing that right to anonymity to access information is going over the top”.
Killock also pointed out that anonymity is not just used for bad reasons by criminals, but is also used by whistleblowers to expose criminality and wrongdoing, by people who feel their rights are being abused, or simply to access information in the knowledge that no one is tracking them. And if their fear is that they are being tracked, then this approach could make that a reality.