[Salon] Will Online Age Verification Be the Trojan Horse for the Mass Rollout of Digital IDs?




Will Online Age Verification Be the Trojan Horse for the Mass Rollout of Digital IDs?

Nick CorbishleyNovember 19, 2024

Online age verification threatens to trap everyone, not just minors, in its web, as the Australian government recently admitted.

As readers may recall (while perhaps also recoiling), Spain is in the process of developing a licence to w*nk online. In July, the Pedro Sánchez government unveiled plans to launch a digital age verification system to prevent minors from being able to access pornographic websites. The country’s then-Minister of Digital Transformation (an increasingly common government position), José Luis Escrivá, announced that the system would be based on a digital wallet app that is currently in the beta phase of testing.

The app will allow adult porn users to obtain anonymous digital access credentials, which according to the government will soon be necessary to enter digital spaces hosting adult content. The government has even spoken of rationing the amount of online porn adult users can consume. It is also considering making changes to Spain’s General Telecommunications Law that will allow it to ban access to all digital platforms that do not incorporate age verification mechanisms. It is not alone in seeking such powers.

In October, Ireland adopted its Online Safety Code, which mandates that digital services protect people, especially children, from harm online. It calls on video-sharing platforms to, among other things, use age-assurance mechanisms to prevent children from accessing pornography or gratuitous violence.

As is often the case with sweeping Internet regulation, there are at least a few positive features, such as restrictions on corporate advertising that urges children to buy something by exploiting their inexperience or credulity, or to ask their parents to buy something. In the UK, the government is considering supporting a private member’s bill that would raise the age at which social media companies would be allowed to harvest data on children.

Ireland’s age verification rules will apply to all video-sharing platforms that have their EU headquarters in the country including Facebook, YouTube, X, TikTok, LinkedIn, Tumblr, and Instagram. This is an advantage Ireland has over most other EU countries when it comes to implementing online legislation: thanks to its low corporate tax rate, many of the world’s largest tech companies have chosen Dublin as the headquarters for their European operations, granting the Irish government a certain amount of leverage over them.

In Spain, by contrast the proposed digital verification system will only be mandatory for adult content websites hosted in Spain. In other words, once the system is up and running (assuming it ever is), users, regardless of their age, will be able to continue accessing the vast majority of adult content sites on the Internet without any government hindrance. And if someone specifically wants to continue accessing Spanish-hosted porn, they could do so by simply using a VPN.

New Developments on Spain’s “Pajaporte”

Since July, Escrivá has moved on to greener pastures, and is now serving as governor of the Bank of Spain. Last week, his replacement as minister of digital transformation, Óscar López, claimed that the government has already developed the technological apparatus to make the ‘Beta Digital Wallet’ app a practical reality. From La Vanguardia:

During his appearance before the Committee on the Economy, Trade and Digital Transformation, López said that some people have asked the Government to put the initiative on hold until new European regulation on the protection of minors comes into force some time next year. However, he said that “the Government is not going to sit idly by” and will fulfil President Pedro Sánchez’s pledge to approve this tool, without waiting for EU legislation.

The proposed age verification app, which has already been dubbed on social media as “pajaporte” — an amalgam of the Spanish words “paja” (to jerk off or wank) and “pasaporte” — is now being tested by Spain’s National Cryptologic Centre, says López. And its reach is likely to extend far beyond Spanish residents’ porn habits.

In July, Carmen Cabanillas, director general of governance at the Ministry of Digital Transformation, said the tool could also be required to access messaging apps, social media, video sharing sites and internet browsers, which, as I pointed out in my previous piece, is eerily reminiscent of two of the ten use cases (telecommunications, social platforms) depicted on the World Economic Forum’s now-infamous 2018 infographic on digital identity.

More ominous still, López said that “the Spanish tool is being followed closely in Europe” and that “in a year’s time the whole of Europe will be using it”.

As I posited in my July 12 article, “A License to W*nk: Spain to Launch Digital Identity Wallet to Limit and Ration Access to Internet Porn Sites”, the real motive here is not to protect young children from the insidious effects of online porn, which is almost certainly a laudable goal given the violent nature of porn today and the young age at which many children are being exposed to it; it is to begin the process of launching digital identity wallets for widespread public use:

[Now that digital identity is a legal reality in the EU], what we are likely to see in the months ahead is a sudden explosion of Trojan Horse initiatives aimed at instilling the need for digital identity wallets for a host of common everyday activities or services, whether accessing porn websites or, as in India, receiving State benefits. As with the vaccine certificate, the goal is to achieve as broad an uptake in as short a time as possible.

The government of Greece recently provided a hint of how that might be achieved: by making access to certain public services and spaces — in this case, sports stadiums — contingent on possession of a digital ID wallet…

Of course, [these policies] directly contradict the Commission’s repeated assurances that the digital identity wallet is purely optional and that EU citizens will not face exclusion or discrimination for not using one…

Speaking at an event this week on “Governing in the Age of AI”, organised by his own TBI foundation, Tony Blair, one of the world’s most vocal advocates of digital surveillance and control technologies, described Digital ID as “an essential part of a modern digital infrastructure.” He then added, to peals of laughter from the audience, that “we will have a little work of persuasion to do here.”

Five Eye Nations Also on Board

Perhaps unsurprisingly, the Five Eye nations are also firmly on board with the idea of online age verification. Australia, which launched its own digital identity app, myID, earlier this year, is looking to ban under-16s from social media platforms, and will need an age verification system to enforce that ban. To the end, on May 1 this year the Albanese government announced the launch of an age assurance technology trial to “protect children from harmful online content.”

The proposal enjoys full cross-party support. Here is Peter Dutton, the leader of the main opposition Liberal Party, explaining why these draconian measures are necessary:

The comments below Dutton’s video are eye-opening. Virtually none of them are positive. As of writing, the video has been retweeted 319,000 times and liked just 465 times. Many of the commenters accuse the government and main opposition party of seeking to intrude excessively in the lives of children and their parents. Some point out that online age verification is merely a handy gateway for the introduction of digital identity into our lives.

For governments around the world, one of the great advantages of age verification, or assurance as the Austrian government is now calling it, is that it traps everyone in its web — not just under-16s but just about anyone who wants to use the Internet. As members of the Australian government recently admitted, everyone will soon have to prove their age to use social media. And that will presumably mean having to use the government’s recently launched digital ID app, myID:

The last exchange in this grilling is perhaps the most revealing. When the MP on the Senate Committee insinuates that the government’s proposed age assurance system “has privacy and data protection implications for literally everyone who uses social media,” the government official responds by pointing out consumer researchers are on the case to see if there is “consumer” (note: not citizen) willingness in particular aspects that are important to them. In other words, what areas can the government salvage from the proposed bill?

If there is any good news to be had at all, it is in the fact that implementing and enforcing an age assurance system across the worldwide web appears to be a lot easier said than done, as The Guardian reported last week:

[T]he Labor government has not spelled out how it expects Facebook, Instagram, TikTok and others to actually enforce that age limit. Anthony Albanese is facing pressure from the Coalition opposition to rush the bill through parliament in the next three weeks, although a federal trial into age assurance technology has not yet commenced.

Albanese and the communications minister, Michelle Rowland, did not rule out the potential for social media users to have their faces subject to biometric scanning, for online platforms to verify users’ ages using a government database, or for all social media users – regardless of age – being subject to age checks, only saying it would be up to tech companies to set their own processes…

The onus would be on social media platforms to “demonstrate they are taking reasonable steps to prevent access” for young people, Albanese said. There would be no penalties for users who managed to access social media under the age of 16, or their parents, but Rowland said there would be penalties for platforms that did not heed the new laws.

Despite its enthusiasm for online age verification, Australia, like France, appears to have paused the rollout of age verification systems. According to the Electronic Frontier Foundation, both countries found that these systems could not adequately protect individuals’ data or tackle the issues of online harms alone. Meanwhile, in the UK the Keir Starmer government is apparently following developments closely in Australia, with a view to implementing a similar age verification system.

Canada, by contrast, appears to be ploughing ahead with its proposed bill, S-210, which, as the Electronic Frontier Foundation recently warned, is “meant to benefit children, but would sacrifice the security, privacy, and free speech of all internet users”:

First introduced in 2023, S-210 seeks to prevent young people from encountering sexually explicit material by requiring all commercial internet services that “make available” explicit content to adopt age verification services. Typically, these services will require people to show government-issued ID to get on the internet. According to bill authors, this is needed to prevent harms like the “development of pornography addiction” and “the reinforcement of gender stereotypes and the development of attitudes favorable to harassment and violence…particularly against women.”

The motivation is laudable, but requiring people of all ages to show ID to get online won’t help women or young people. If S-210 isn’t stopped before it reaches the third reading and final vote in the House of Commons, Canadians will be forced to [use] a repressive and unworkable age verification regulation.

We’ve said it before: age verification systems are surveillance systems. Users have no way to be certain that the data they’re handing over is not going to be retained and used in unexpected ways, or even shared to unknown third parties. The bill asks companies to maintain user privacy and destroy any personal data collected but doesn’t back up that suggestion with comprehensive penalties. That’s not good enough.

Companies responsible for storing or processing sensitive documents like drivers’ licenses can encounter data breaches, potentially exposing not only personal data about users, but also information about the sites that they visit…

Fundamentally, S-210 leads to the end of anonymous access to the web. Instead, Canadian internet access would become a series of checkpoints that many people simply would not pass, either by choice or because the rules are too onerous.

Clearly, governments have a very different conception of how the Internet should look in the future. And lest we forget, many of them are scrambling to impose sweeping digital censorship regimes, with the EU, of course, leading the way. In just the past two years, the EU’s Code of Practice on Disinformation has lost its ostensibly voluntary character with the passage of the Digital Services Act (DSA), which, as one retired German judge warned, poses an existential threat to freedom of speech in Europe.

But if the recent experience of Australia and France is any indication, government plans to unleash age verification across the Internet are likely to face significant technical obstacles.  There is also a chance, however slim, that enough members of the public may cotton on in time to mount a last-ditch resistance. We have already seen this happen with SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act). More recently, the Canadian province of Ontario paused plans to introduce a government-run digital ID due to the scale of public pushback.



This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.