The federal government is getting ready to force Australians to prove their identity to services like Facebook, Reddit, OnlyFans and TikTok through an age verification process.
As it stands, there’s no standard way for Australians to prove their age or identity online. A 2020 report from the House of Representatives social policy and legal affairs committee recommended the Digital Transformation Agency develop a standard for online age verification.
It also asked the eSafety Commissioner to create a plan for how to mandate age verification for online pornography. The commissioner, Julie Inman Grant, has said her office will come up with a plan by the end of 2022 and has been given the powers under the new Online Safety Act to implement such a system.
Last month this plan became even more ambitious. The draft of the online privacy bill released by Attorney-General Michaelia Cash and Assistant Minister for Mental Health and Suicide Prevention David Coleman requires all social media platforms to “take all reasonable steps” to verify a user’s age — in effect, demanding that platforms can prove somehow exactly who is using their platforms.
How does online age verification work?
Leaving aside the broader debate about how to mitigate risks to young Australians from online pornography or gambling, the premise of an “accurate and effective” method of online age verification is a lot more difficult — and potentially troublesome — an idea than it may at first seem.
When Australians need to prove their age to enter a pub or see an age-restricted movie, they’re able to hand over something like a driving licence, proof-of-age card or passport to a staff member who checks the person is who they say they are.
Doing the same thing online is more complicated, says Edith Cowan University’s associate dean (computing and security) Professor Paul Haskell-Dowland. He says there are a number of technical challenges for obtaining and verifying information provided by someone online.
Traditionally, online service providers like porn websites have either asked people to input their date of birth or provide credit card details to screen out children. Both of these are easily foiled by either providing false information or using someone else’s credit card details. Haskell-Dowland says one of the major challenges for a more accurate age verification system is proving that someone using a computer is who they say they are: “To the web server at the other end, you are completely unknown, there is no way to know without some validation.”
That’s where the idea of using something like facial recognition or other biometrics comes in — ideas explicitly mentioned by Inman Grant as potential options for mandatory systems to access online pornography.
Why are people worried about it?
Naturally the idea of having to scan your face before watching porn worries some. If age verification is mandated for any social media platform, proving your identity also means creating a digital trail between your online activity and your real world identity. Digital advocacy groups and academics argue that online anonymity is crucial, particularly for marginalised groups, and is an important part of self expression.
Proving your online identity also creates a potential privacy risk. If users must upload identification documents to every social media platform, each time increases the chances the data is leaked and released. If a major platform’s security was breached, the exact information that was used to prove an Australian’s identity could be used to imitate them elsewhere online.
There’s also questions about who will be responsible for determining identities. In September, the Digital Transformation Agency announced it had entered into a partnership with Mastercard as part of its development of a digital identity scheme. As the Electronic Frontier Foundation noted in 2020, credit card companies have become de facto internet censors — Mastercard and Visa can decide to cut off someone’s finances like they did with WikiLeaks and countless sex workers.
Creating a system where anyone can prove their identity requires consideration of the many permutations, like how to work with Australians who don’t have a driver’s licence or passport. These systems would also need to be flexible to work with all kinds of systems and use cases. And, as Haskell-Dowland points out, running and maintaining a system is likely to be extremely technically sophisticated and expensive.
While the idea of online age verification seems simple, the execution is fraught for privacy and security. But regardless of the issues, the government has signalled it’s full steam ahead with the plan — with details to be figured out later.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.