Let’s enforce age-gate rules to secure children on the internet | #itsecurity | #infosec


Peter Steiner’s famous cartoon in the New Yorker about online anonymity—that on the internet, nobody knows you’re a dog—becomes devastating in the context of digital inscrutability for kids. When nobody knows who is under 13, tweens can compare themselves with thinfluencers on Instagram, 5-year-olds can broadcast to hundreds of adults on streaming platforms, and children can wander into a strip club in the metaverse, according to a grim BBC News investigation published recently. Most popular social media firms including ByteDance Ltd’s TikTok and Meta Platforms Inc’s Instagram have an age minimum of 13, but none of them does much to keep kids off its systems beyond asking for a date of birth.

That’s why it is encouraging to see an array of new children’s codes proposed by legislators across Europe, Australia and also in the US, aimed at making the internet safer for kids. If they work, online apps will be forced to offer alternative versions for children.

But the efficacy of these laws will hinge on consistently and accurately recognizing when web users are under-age, without compromising the privacy of users. For the moment, the most prominent proposals impose age minimums, but unfortunately neglect to offer rules on how information is to be gathered or kept secure.

There are already myriad ways to attempt to verify someone’s age online, ranging from the cutting edge to the creepy to the mundane. With facial analysis, for instance, algorithms taught using thousands of facial images can estimate someone’s age through the front-facing camera of a phone or computer, typically accurate to within a year or two. Artificial intelligence could also divine age from someone’s voice, while digital tokens offering proof of age that are verified by local shopkeepers can be used to access certain websites.

Web platforms also can tap profiling data based on someone’s online behaviour. By the time children turn 13, advertising and tech firms have already captured about 72 million data points about them, according to a 2017 study by tech privacy firm SuperAwesome Inc. Other less technologically sophisticated methods include carrying out a credit check or verifying a person’s age via their mobile network operator.

Yet, as age-recognition technology has advanced, policies for capturing the information have failed to keep pace. One risk is that improving technology will also make it easier for companies or even malicious actors to harvest the facial data of thousands of people on the net, including children.

Other proposals seem to have good intentions but lack teeth. Two bodies that oversee international standards for businesses have crafted internet age-verification proposals. With the snappy names ISO-SC27/WG5 and IEEE-P2089.1, both rules are being reviewed by member countries and could begin to be adopted in the next 12 to 18 months. But it’s unclear if the standards will be mandatory, a troubling weak spot for any new law aiming to protect kids online.

UK lawmaker Beeban Kidron, who was behind a law known as the Children’s Code that forced several large internet companies including Facebook and TikTok to tweak their services for children, is now banging the drum for strict standards on age checks. She isn’t particularly worried about which technological method works best: “When you set the bar for what something must be, then everybody innovates to meet it,” she said in an interview.

A new UK proposal, the Online Safety Bill, is expected to go before Parliament this year. But so far the measure doesn’t require companies to follow certain standards for age checking.

In the US, two senators recently proposed the Kids Online Safety Act, modelled on the latest UK bill. But the US proposal lacks detail on how standards for age-checking would be enforced, saying only that US regulators should explore technically feasible methods.

While the US and UK debate age-verification standards, Germany might be the first to impose them on internet businesses. The German government has already approved approximately 80 different approaches for age-checking online and the country’s regulators are further ahead than any others, according to Julie Dawson, head of policy at Yoti Ltd, a London-based age-verification company. Germany’s child protection regulators also have threatened to block one of the world’s largest pornographic websites over inadequate age-checking.

Standards don’t achieve much without penalties. They only really work when governments make them enforceable by regulators. Even the most promising laws aimed at protecting children on the internet will be toothless if standards for recognizing children in the first place are not set strictly in stone.

Parmy Olson is a Bloomberg Opinion columnist covering technology.

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint.
Download
our App Now!!



Original Source link

Leave a Reply

Your email address will not be published.

87 − eighty five =