mRr3b00t
Aug 1 · 17 tweets · 8 min read
What could happen when you ban or put barriers in front of things on the internet?

Surely nothing bad could happen, because you are restricting or banning the bad thing, right! *inserts Anakin/Padme meme*

#OnlineSafetyAct #UK

So let's look at the scenario:

Controls have been placed in front of adult content sites (where the visitor is 'from the UK')

Introducing the Online Safety Act (a UK Law which applies to UK Citizens/UK Organisations) - sitting in a global internet! (that's important to recognise)

what does the Act aim to tackle?

As you can see it's not just about children, it's also about:

> Illegal Content
> Adult Content Control
> Suicide and Self Harm Content

Now ok so we know the aim/intent of this act is to prevent/reduce harms to children! So what is one of the key mechanisms they are introducing?
> Age Verification of UK Citizens

(key part here is the standards of age verification and the target audience/applicability of LAW)

Ok so we know the Act is mandating age verification for pornography sites but you will see that (because of the broad wording of the act) it does not just apply to these sites!

However, let's look at this use case. What are the standards for age verification?

so previous state required a YES/NO.

now we have 'age verification' controls (maybe not the best word to use here...)

Remember this is ring fenced to UK citizens only.

So the methods: what we have seen is most orgs are going for Facial age estimation or Photo ID matching...

But the key thing here is: The service provider gets to choose.

the control must be:

'technically accurate, robust, reliable and fair.'

[legally I imagine that's some vague AF wording, what is accurate? what is robust? what is reliable? what is fair?]
################

Facial age estimation – you show your face via photo or video, and technology analyses it to estimate your age.

Photo-ID matching – this is similar to a check when you show a document. For example, you upload an image of a document that shows your face and age, and an image of yourself at the same time – these are compared to confirm if the document is yours.

Open banking – you give permission for the age-check service to securely access information from your bank about whether you are over 18. The age-check service then confirms this with the site or app.

Digital identity services – these include digital identity wallets, which can securely store and share information which proves your age in a digital format.

Credit card age checks – you provide your credit card details and a payment processor checks if the card is valid. As you must be over 18 to obtain a credit card this shows you are over 18.

Email-based age estimation – you provide your email address, and technology analyses other online services where it has been used – such as banking or utility providers - to estimate your age.

Mobile network operator age checks – you give your permission for an age-check service to confirm whether or not your mobile phone number has age filters applied to it. If there are no restrictions, this confirms you are over 18.
so a question here must be raised?
what harms are there to a 17 year old watching porn?
what harms are there to an 18 year old watching porn?

but also: are there any benefits to watching porn?

according to GROK there are benefits! (who knew!)

so that's an open question:
> what are the harms? (if any)
> what are the benefits? (if any)

what other mediums could an under 18 potentially use?
> Adult Film/DVD/Blu-ray/Broadcast TV
> Adult Books
> Adult Magazines

we have to always look at actor motivation and incentives!

(also remember I'm talking legal content)

so we have a MOTIVATED and INCENTIVISED actor! (person for normal people speak)

they have MEANS, MOTIVE, CAPABILITY (they typically have better skills than the general population of adults when it comes to computers/internet)

We also have to ask about harms to the content creators/participants...... but given this is all legal and consensual that's out of scope for this.

this is focusing on the actor that is trying to view content!

So are there benefits to learning how to bypass controls?

I could easily argue that learning to 'hack' or 'bypass' controls on computers has a range of benefits....

but it also comes with risks!

By adding controls in around age verification, are we creating risk for the people we are trying to protect?

> are we making people under 18 into criminals?
> are we causing more harm than we are preventing?
> are we creating a next generation army of hackers? (that could be good or bad subject to how the skills are applied)

are we trying to solve a societal activity (I am not using the word problem on purpose)?

I would assume based on personal experience and the very nature of this act existing that a big chunk of under 18s watch adult content.....

if they do this.... is trying to stop them?
sensible?
useful?
achievable?

and will it reduce harm or create more?

What skills could someone learn by hacking or bypassing these age verifications?

What risks are we creating by sending all this PII everywhere?

In this thread I've tried to explore at a high level the fact that:

> censorship creates other risks
> controls create both opportunities and risks
> motivated actors who are innovative are hard to prohibit from achieving objectives (the youth)
> PII & Data processing/collection creates a range of risks (some are very significant)

If your family's data was stolen and then criminals threatened to physically harm your children (or your family/friends) because they wanted to watch porn for 10 minutes.....

what if they managed to drain their bank accounts?

what harms are we preventing? (I'm struggling with seeing this here in the context of say a 17 year old watching adult content)

what harm potential have we created?

It's never simple, it's never one sided.

Over simplification and reductionist thinking about this simply doesn't help.

But lastly..... since all of this can be bypassed with less skill than it takes to take down Marks and Spencers.....

have we done the right thing?

have we created more risk/harm than we aimed to prevent?

#OnlineSafetyAct

sorry forgot to include this earlier:

ARE WE FORCING PEOPLE INTO DARK CORNERS?

ARE WE EXPOSING THEM TO MORE HARM?

#OnlineSafetyAct #Internet #Privacy

and last part probably:

where is the data going? is any of it being sold? is any of it being used to train models?

there's a huge area of potential risk here outside of the criminals side ....
