the security viewpoint: there are no good options
WE SPOKE TO FENNEL AURORA, A SECURITY ADVISER AT F-SECURE, TO GET A FEEL FOR WHAT THE SECURITY INDUSTRY THINKS ABOUT THE FORTHCOMING AGE-VERIFICATION PROCESS. HERE’S WHAT HE HAD TO SAY
“Enforcement of an age-verification process is clearly extremely negative for security and privacy, as well as the general health of our democracy, and for the physical safety of girls and LGBTQIA+ children. There are three possible configurations to implement this, with all of them being a bad option:
1
There is a government system that everyone must integrate into their websites. This would mean the government having a database of blackmail material on millions of citizens, as well as an easy way to inject warrantless surveillance code into websites without anyone knowing.
2
There is a system run by a single company, or a few major companies, like Facebook, and everyone integrates this within their sites. These companies would then have these highly sensitive databases and would attempt to monetise them. As we have seen, companies whose business model is monetisation of user data cannot be trusted to behave
ethically and cannot be trusted to not abuse their positions of power. 3
There is a system developed ad-hoc by each website. Given the level of resources and know-how of most site operators, we can assume that there will be many breaches of the data – it’s not a question of if, but when. And the same issues with the lack of ethics around user data monetisation remain.
“There is no system for verification that cannot be subverted with relative ease. At the same time, identity systems are inevitably exclusionary, leaving the poor and the vulnerable without access because they do not have the resources and/or time needed to give the necessary ‘proof’ – think of the bad faith leading to the deportations of members of the Windrush generation on a much larger scale, or the use of highly selective ‘voter ID’ laws in the US to exclude voters of colour.
“The question to ask isn’t whether this can work, or how do we make this work, but why are we doing it at all?”