Stronger online authentication and age verification is on its way

Historians will no doubt quibble about when, exactly, Internet 1.0 started to die and glimpses of  Internet 2.0 first became evident. I think President Obama’s incumbency will certainly be seen as a key staging post.

The enormity of the Obama Administration’s ambition is breathtaking, even if it can be described in quite prosaic language.  Put simply they want to make the internet safer and better by reducing the scope for mischief caused by fakery.   

  • It’s a long list

Spam, sites selling non existent tickets or non existent goods, hate mail,  stalking, false profiles and bullying, phishing sites, other forms of identity theft, improbable anatomical enhancements, dodgy pharmaceuticals and child pornography all scent the air of cyberspace with an enduring aroma. And it is not very pleasant.  Most of us do not encounter these sorts of things every day but we all know we must be constantly on our guard. It puts a lot of people off. It shouldn’t be like that, or rather, since nothing will ever be 100% certain 100% of the time, it should be a great deal better than it is.  

  • Almost impossible to be truly anonymous

The bad guys behind much of the behaviour complained of believe they can get away with their crimes in part because they have covered their tracks and made themselves anonymous.

In fact it is exceptionally difficult to do anything on the internet without leaving a traceable footprint of some kind, but it is also the case that the level of resources that might be required to follow a chain of events across jurisdictions and time zones means it just won’t happen, either at all or any time soon, if the crime or incident being investigated is not considered to be of sufficient moment. Many online criminals are very well aware of this. They rely on it. It tilts the odds substantially in their favour.

  • US Government makes moves

The outline of the US Government’s plans were prefigured in the Cyberspace Policy Review in May 2009. June 2010 saw the release of the National Strategy for Trusted Identities in Cyberspace – Creating Options for Enhanced Online Security and Privacy. Then on 7th January 2011 the whole project moved up a notch when, at Stanford University, US Secretary for Commerce Gary Locke announced the establishment of a National Programme Office to push things forward.

  • A market failure

The free market was not stepping up to this particular plate. Maybe the US Government finally accepted that no one company was big enough to do it alone or would want to risk the attempt. The reputational and economic consequences of failure could be substantial. A group of large private sector corporations acting in concert might not be hugely attractive either, raising fears of anti-trust suits and a new oligopoly in what is, after all, an extremely sensitive policy area. A broad base of activity responding to a public sector lead seems the right approach.

  • When reliable IDs are commonplace

If things go according to plan we can look forward to a future when highly reliable online identities are  ubiquitous. It then becomes easy to imagine how they might spread to many environments where currently online IDs are considered unworkable or their high level of unreliability makes them undesirable.  

  • Privacy enhancing

These new ID technologies will be privacy enhancing. Rather than having to surrender any and all of your personal data to join a particular web site or obtain a specific service, you could hand over a machine-readable digital token which contains the bare minimum needed to satisfy the providers that you qualify.

  • Being able to prove who you are is only necessary in some circumstances

Obviously there will be many environments where being able to prove who you are will be completely irrelevant and unnecessary. The Blogosphere might be one of those.

But there will be other instances where it will be important. An obvious case would be any web site that sold or supplied products or services that were legally age restricted, and this sort of example appears in the National Strategy for Trusted Identities in Cyberspace document.

Another would be a service that, for whatever reason, states an age limit. 25% of all children in the UK between the ages of 8 and 12 belong to web sites that give 13 as the minimum age. In the USA the proportion is higher. With the emergence of new, ultra sensitive services such as location aware apps it is becoming increasingly urgent that we find much better ways of making these age related policies mean something. Either that or we should abandon them altogether, and I do not think anyone is ready for that.

  • Wilful ignorance

A company should not be allowed to remain wilfully ignorant of a fact which it proclaims to be important. COPPA immunity has a lot to answer for.

  • The debate in the USA

The discussion about age verification that took place in the USA following the terrible crimes committed against some children in the early days of MySpace was highly politicised. It did a serious disservice to what is an important issue.

There is no way any kind of age verification system can be used to guarantee a “paedophile free” online environment. Neither can age verification become a substitute or replacement for on-going education and awareness initiatives about internet safety.

  • Age verification is not all about warding off paedophiles

But robust online age verification can do a lot of stuff which, in real life, we take for granted and do routinely. Moreover it is simply implausible to argue that it is impossible to construct any kind of age verification system which does not itself constitute a risk to children.

The entire history of the internet is a narrative about challenges being confronted and defeated.  One week something was not just impossible. It was unimaginable. The next it was standard.

What has been lacking hitherto in the area of age verification is any desire or determination to do it. Powerful commercial interests have been ranged against age verification, clustered around internet companies that rely on advertising to generate their revenues and have no on-going billing relationship with their users.

  • Getting things moving

The White House is trying to break the log jam. The Federal Government will become an early adopter. That should get the market moving and if it moves in the USA it will soon start moving on this side of the pond. Indeed the White House papers talk constantly of an “eco-system of interoperable authentication systems”. That is most assuredly what we need.

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Age verification, Self-regulation and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s