I am Chair of the Advisory Board of a project called “EU Consent”. If you click on the link you will see the overall aim is to “make the internet age aware.”
The internet was built for adults by adults who never anticipated children would be major users. Yet today 1 in 3 of all internet users in the world is a child. In the UK and most of Europe children make up 1 in 5 of all users.
According to Ofcom, in 2021 99% of all children between the ages of 3 and 17 went online at some point. Mobile devices seem to be the primary means of accessing the internet, with 72% using a phone and 69% using a tablet.
Children are in the world of Apps big time.
Moreover, those sort of percentages do rather underline that while the internet is many things to many people, in several key manifestations it is now undeniably a major part of the consumer space. Those parts need to start adjusting to the sort of safety and other standards which are taken for granted for products and services provided to consumers for use at home or by children.
This means making the internet age aware. See above. Simply ticking a box to confirm one’s age is no longer acceptable, yet it remains the most common practice. Read on.
What’s in a name?
We are called “EU Consent” because initially the project received funding from the European Union. When EU funding stopped, “End Violence Against Children” stepped in. This was established in 2016 by the Secretary General of the UN. Now known as ” Safe Online” it is a global partnership hosted by UNICEF. However “EU Consent” has sort of become an established brand so we see no urgent need to abandon it at the moment.
Phew! These provenance issues seem to touch so many nerves one has to proceed with great (dare I say “exhausting”?) care.
Here’s how it works
More specifically, we are developing an international, interoperable framework to allow Apps and sites to carry out age assurance measures, including age verification, or obtain parental consent. A site or service might now be required by law or regulations to do this, or it could simply be the declared policy of the site or service. The framework provides a means by which age verification and age assurance providers can work together without undue duplication, higher costs and hassle.
Thus, you buy alcohol online from a site in Slovenia. They take you through a robust age verification process carried out by an acknowledged age verification provider who is connected to, complies with and conforms to the international standard embodied in the framework.
You then find yourself in Argentina and you want to order cigarettes online. You don’t have to go through the same routine again. The Argentinian vendor would connect with the original age verification provider and that’s it. Done. At a technical level everybody in the supply chain has done everything they reasonably could to make sure children are not being exposed to or able to acquire material, products or services not intended for them.
Keeping porn away from children’s eyes was a major initial driver for this movement but it extends way beyond that. In the UK, for example, there are a great many products or services now available online where there is a defined legal age limit. In some cases the penalties for breach can be severe.
Ethics and the law are catching up
It is no longer ethically acceptable for a site or service simplyto say “This site, service or product is only meant for persons of x age and above. Please tick a box to confirm that you are that age or above” then do nothing further to ensure that the statement means something. In some countries the law is now stepping in to oblige companies to take action to confirm the person concerned is being truthful.
How we got here
How did we ever get to a place where ticking a box was considered acceptable anyway?
Back in the 20th Century, in 1998 to be precise, when the internet was still pretty much a wholly-American affair, the US Congress passed the “Child Online Privacy Protection Act” (COPPA). In essence what this law said was at the age of 13 a child did not need to obtain parental consent before opening up an account with an online business. The idea behind the legislation was that 13 year olds were sufficiently mature to make a decision for themselves in relation to joining a commercially driven internet service where they would be served advertising.
The problem was this became a de facto standard for every type of internet site or service. It had nothing to do with exposure to commercial advertising as such.
At one stage in the EU, when the GDPR was being drafted, it was proposed to make 13 the standard for every type of site or service that collected data from its users. The only reason advanced was that it was already a de facto global standard because the Americans had adopted it many years ago. That got thrown out and we ended up with a hotch potch.
Back to the USA. If a child was below the age of 13 the COPPA law said the site or service had to obtain parental consent to allow the child to join. But here’s the thing: nobody was required to confirm or verify the declared age. Only if you later discovered an account holder had lied about their age and they were under 13 was the business required to act.
They just banned under 13s!
In order to avoid getting into the messy business of collecting parental consent most sites and services simply said persons under the age of 13 were not allowed to become members or users. However, linked to there being no obligation to verify anything, what quickly happened was hundreds of millions of children around the world simply invented a birth date that put them above the lower limit.
In 2022 in the UK fully 1 in 3 children who had joined a social media service had given themselves an incorrect age and in fact declared themselves to be adults i.e. over 18. Even sites and services specifically meant for adults e.g. porn sites, had children as young as eight or nine visiting them on a regular basis and in vast numbers.
Water under a murky bridge
One can argue online businesses could and should have done more to rectify this problem on a voluntary basis, but the fact is they didn’t.
Depsite repeated protestations and delarations about ” taking child safety very seriously” , even in the face of a growing body of evidence about harms to children, particularly around the way their algorithms were leading to very worrying outcomes for too many children, the modern magicians of Silicon Valley seemed unwilling or unable to address this problem. For once their other-worldly, wizarding powers deserted them. It was all about parents taking more responsibility. Until now. Now scalable technical solutions have emerged to help solve the problem.
600 meet in Manchester
Anyway, in Manchester last week over 600 people from all parts of the world gathered, about half literally (that was max capacity for the venue) and the other half virtually, to discuss the latest advances in robust, privacy-respecting, scalable age verification and age assurance technologies.
These can provide a highly efficient, inexpensive way to reduce children’s exposure to material, products and services intended for consumers of a particular age or as a way of constructing environments where only persons within defined age parameters will be admitted.
Better than the physical world
Tech can improve on humans. In the physical world we have the problem of skillfully constructed fake IDs which can be presented at the entrance to a pub or club or in a supermarket by anyone with even minimal Photoshopping skills and access to a decent printer and laminator. Such factors aside, when one human looks at another the success rate at accurately judging their age is not that brilliant anyway.
In test purchases conducted in London over 13% of retailers sold knives over the counter to persons below the age of 18, in some instances to children as young as 13. And bear in mind the penalties for doing this come swiftly and are heavy.
In the USA in 2021 in a national survey 22.2% of young e-cigarette and tobacco users reported that they had obtained the forbidden items from a vape or tobacco shop with 17% getting them from a convenience store or petrol station.
Technology can make us better at protecting children. Every av solution I know about gets a lot nearer 100% than any of the above.
PS The FTC did not ban anything….
A short note on the recent FTC decision in the USA: the idea of using age estimation technology as a way of protecting children has NOT been turned down by the FTC. They simply declined to take a view pending a fuller technical evaluation, which is is currently underway.
Desiderata 