Suppose you pulled out your cellphone to post a picture to your favorite social network — let us call it Twinstabooktok — and were asked for a selfie before you could log on. The picture you submitted would not be sent anywhere, the service assured you. Instead, it would use state-of-the-art machine-learning techniques to work out your age. In all likelihood, once you have submitted the scan, you can continue on your merry way. If the service guessed wrong, you could appeal, although that might take a bit longer.
The upside of all of this is that the social network would be able to know that you were an adult user and provide you with an experience largely free of parental controls and paternalist moderation, while children who tried to sign up would be given a restricted version of the same experience.
Depending on your position, that might sound like a long-overdue corrective to the “Wild West” tech sector, or a hopelessly restrictive attempt to achieve an impossible end: a child-safe Internet. Either way, it is far closer to reality than many realize.
Illustration: Kevin Sheu
In China, gamers who want to log on to play mobile games after 10pm must prove their age, or be turned away, as the state tries to tackle gaming addiction.
“We will conduct a face screening for accounts registered with real names and which have played for a certain period of time at night,” Chinese gaming firm Tencent said on Tuesday last week. “Anyone who refuses or fails the face verification will be treated as a minor, as outlined in the anti-addiction supervision of Tencent’s game health system, and kicked offline.”
The same approach might be coming to the UK, where a series of government measures are about to come into force in rapid succession, potentially changing the Internet forever.
THE DOG PROBLEM
The fundamental problem with verifying the age of an Internet user is obvious enough: If, on the Internet, nobody knows you are a dog, then they certainly do not know you are 17 years old.
In the offline world, there are two main approaches to age verification. The first is some form of official ID. In the UK, that is often a driver’s license, while for children it might be any one of a few private-sector ID cards, such as CitizenCard or MyID Card. Those, in turn, are backed by a rigorous chain of proof-of-identity, usually leading back to a birth certificate — the final proof of age.
Just as important for the day-to-day functioning of society is the other approach: looking at people. There is no need for an ID card system to stop seven-year-olds sneaking into an 18-rated movie — it is so obvious that it does not even feel like age verification.
Proving your age with ID, it turns out, is a different thing online than offline, says Alec Muffett, an independent security researcher and former Open Rights Group director.
“Identity is a concept that is broadly misunderstood, especially online, because ‘identity’ actually means ‘relationship,’” he said. “We love to think in terms of identity meaning ‘credential,’ such as ‘passport’ or ‘driving license,’ but even in those circumstances we are actually talking about ‘bearer of passport’ and ‘British passport’ — both relationships — with the associated booklet acting as a hard-to-forge ‘pivot’ between the two relationships.”
In other words, even in the offline world, a proof of age is not simply a piece of paper that says: “I am over 18”; it is more like an entry in a complex nexus that says: “The issuer of this card has verified that the person pictured on the card is over 18 by checking with a relevant authority.”
Online, if you simply replicate the surface level of offline ID checks — flashing a card to someone who checks the date on it — you break that link between the relationships. It is no good proving you hold a valid driver’s license if you cannot also prove that you are the name on the license. If you do agree to that, then the site you are visiting would have a cast-iron record of who you are, when you visited, and what you did while you were there.
SURVEILLANCE FEARS
So in practice, age verification can become ID verification, which can in turn become “subjugated to cross-check and revocation from a cartel of third parties ... all gleefully rubbing their hands together at the monetization opportunities,” Muffet said.
Those fears have scuppered more than just attempts to build online proof-of-age systems.
From the defeat of national ID cards in the era of former British prime minister Tony Blair onward, the British people have been wary of anything that seems like a national database. Begin tracking people in a centralized system, they fear, and it is the first step on an inexorable decline toward a surveillance state. As the weight of legislation piles up, it seems inevitable that something will change soon.
The Digital Economy Act of 2017 was mostly a tidying-up piece of legislation, making tweaks to a number of issues raised since the passage of the much more wide-ranging 2010 act of the same name. One provision, part three of the act, was an attempt to do something that had never been done before, and introduce a requirement for online age verification.
The act was comparatively narrow in scope, applying only to commercial pornographic Web sites, but it required them to ensure that their users were 18 or older. The law did not specify how they were to do that, instead preferring to turn the task of finding an acceptable solution over to the private sector.
Proposals were dutifully suggested, from a “porn pass,” which users could buy in person from a newsagent and enter into the site at a later date, through algorithmic attempts to leverage credit card data and existing credit check services to do it automatically (with a less than stunning success rate).
Sites that were found to be providing commercial pornography to people younger than 18 would be fined up to 5 percent of their turnover, and the British Board of Film Classification was named as the expected regulator, drawing up the detailed regulations.
Nothing happened. The scheme was supposed to begin in 2018, but did not. In 2019, a rumored spring onset was missed, but the government did, two years after passage of the bill, set a date: July that year. Just days before the regulation was supposed to take effect, the government said it had failed to give notification to the European Commission and delayed the scheme further, “in the region of six months.” Then suddenly, in October 2019, as that deadline was again approaching, the scheme was killed for good.
‘WOEFULLY UNREGULATED’
The news saddened campaigners, such as Vanessa Morse, chief executive of the Centre to End All Sexual Exploitation (CEASE).
“It’s staggering that pornography sites do not yet have age verification,” she said. “The UK has an opportunity to be a leader in this, but because it’s prevaricated and kicked into the long grass, a lot of other countries have taken it over already.”
Morse argues that the lack of age-gating on the Internet is causing serious harm.
“The online commercial pornography industry is woefully unregulated. It’s had several decades to explode in terms of growth, and it’s barely been regulated at all. As a result, pornography sites do not distinguish between children and adult users. They are not neutral and they are not naive: They know that there are 1.4 million children visiting pornography sites every month in the UK,” she said.
“And 44 percent of boys aged between 11 and 16, who regularly view porn, said it gave them ideas about the type of sex they wanted to try. We know that the children’s consumption of online porn has been associated with a dramatic increase in child-on-child sexual abuse over the past few years. Child-on-child sexual abuse now constitutes about a third of all child sexual abuse. It’s huge,” she added.
Despite protestations from CEASE and others, the government shows no signs of resurrecting the porn block. Instead, its child-protection efforts have splintered across an array of different initiatives.
The online harms bill, a piece of legislation from the era of former British prime minister Theresa May, was revived by British Prime Minister Boris Johnson’s administration and finally presented in draft form in May: It calls for social media platforms to take action against “legal but harmful” content, such as that which promotes self-harm or suicide, and imposes requirements on them to protect children from inappropriate content.
Elsewhere, the government has given nonbinding “advice” to communications services on how to “improve the safety of your online platform.”
“You can also prevent end-to-end encryption for child accounts,” the advice reads in part, because it “makes it more difficult for you to identify illegal and harmful content occurring on private channels.”
Widely interpreted as part of a larger government push to have WhatsApp turn off its end-to-end encryption — long a bane of law enforcement, which resents the inability to easily intercept communications — the advice pushes for companies to recognize their child users and treat them differently.
A WIDE NET
Most immediate is the Age Appropriate Design code. Introduced in the Data Protection Act of 2018, which implemented the EU’s General Data Protection Regulation in the UK, the code sees the information commissioner’s office laying out a new standard for Internet companies that are “likely to be accessed by children.”
When it comes into force in September, the code would be comprehensive, covering everything from requirements for parental controls to restrictions on data collection and bans on “nudging” children to turn off privacy protections, but the key word is “likely.”
Some fear that in practice it would draw the net wide enough that the whole Internet would be required to declare itself “child friendly” — or to prove that it has blocked children.
The National Society for the Prevention of Cruelty to Children (NSPCC) is strongly in support of the code.
“Social networks should use age-assurance technology to recognize child users, and in turn ensure they are not served up inappropriate content by algorithms and are given greater protections, such as the most stringent privacy settings,” NSPCC senior child safety online policy officer Alison Trew said. “This technology must be flexible and adaptable to the varied platforms used by young people — now and to new sites in the future — so better safeguards for children’s rights to privacy and safety can be built in alongside privacy protections for all users.”
Because the code’s requirements are less rigorous than the porn block, providers are free to innovate a bit more. Take Yoti: The company provides a range of age verification services, partnering with CitizenCard to offer a digital version of its ID, and working with self-service supermarkets to experiment with automatic age recognition of individuals.
John Abbott, Yoti’s chief business officer, said that the system is already as good as a person at telling someone’s age from a video of them, and has been tested against a wide range of demographics — including age, race and gender — to ensure that it is not wildly miscategorizing any particular group.
NOT RECOGNITION
The company’s most recent report claims that a “Challenge 21” policy — blocking people under the age of 18 by asking for strong proof of age from people who look younger than 21 — would catch 98 percent of 17-year-olds and 99.15 percent of 16-year-olds.
“It’s facial analysis, not facial recognition,” Yoti regulatory and policy director Julie Dawson said. “It’s not recognizing my face one-to-one, all it’s trying to work out is my age.”
That system, the company thinks, could be deployed at scale almost overnight, and for companies that simply need to prove that they are not “likely” to be accessed by children, it could be a compelling offer.
It is not, of course, something that would trouble a smart 14-year-old — or even just a regular 14-year-old with a phone and an older sibling willing to stand in for the selfie — but perhaps a bit of friction is better than none.
In an article published in Newsweek on Monday last week, President William Lai (賴清德) challenged China to retake territories it lost to Russia in the 19th century rather than invade Taiwan. “If it is really for the sake of territorial integrity, why doesn’t China take back Russia?” Lai asked, referring to territories lost in 1858 and 1860. The territories once made up the two flanks of northern Manchuria. Once ceded to Russia, they became part of the Russian far east. Claims since then have been made that China and Russia settled the disputes in the 1990s through the 2000s and that “China
China has successfully held its Forum on China-Africa Cooperation, with 53 of 55 countries from the African Union (AU) participating. The two countries that did not participate were Eswatini and the Sahrawi Arab Democratic Republic, which have no diplomatic relations with China. Twenty-four leaders were reported to have participated. Despite African countries complaining about summit fatigue, with recent summits held with Russia, Italy, South Korea, the US and Indonesia, as well as Japan next month, they still turned up in large numbers in Beijing. China’s ability to attract most of the African leaders to a summit demonstrates that it is still being
Trips to the Kenting Peninsula in Pingtung County have dredged up a lot of public debate and furor, with many complaints about how expensive and unreasonable lodging is. Some people even call it a tourist “butchering ground.” Many local business owners stake claims to beach areas by setting up parasols and driving away people who do not rent them. The managing authority for the area — Kenting National Park — has long ignored the issue. Ultimately, this has affected the willingness of domestic travelers to go there, causing tourist numbers to plummet. In 2008, Taiwan opened the door to Chinese tourists and in
Taiwan People’s Party (TPP) Chairman Ko Wen-je (柯文哲) on Thursday was handcuffed and escorted by police to the Taipei Detention Center, after the Taipei District Court ordered that he be detained and held incommunicado for suspected corruption during his tenure as Taipei mayor. The ruling reversed an earlier decision by the same court on Monday last week that ordered Ko’s release without bail. That decision was appealed by prosecutors on Wednesday, leading the High Court to conclude that Ko had been “actively involved” in the alleged corruption and it ordered the district court to hold a second detention hearing. Video clips