There was an important article about online age verification in The New York Times yesterday entitled, “Verifying Ages Online Is a Daunting Task, Even for Experts.” It’s definitely worth a read since it reiterates the simple truth that online age verification is enormously complicated and hugely contentious (especially legally). It’s also worth reading since this issue might be getting hot again as Facebook considers allowing kids under 13 on its site.
Just five years ago, age verification was a red-hot tech policy issue. The rise of MySpace and social networking in general had sent many state AGs, other lawmakers, and some child safety groups into full-blown moral panic mode. Some wanted to ban social networks in schools and libraries (recall that a 2006 House measure proposing just that actually received 410 votes, although the measure died in the Senate), but mandatory online age verification for social networking sites was also receiving a lot of support. This generated much academic and press inquiry into the sensibility and practicality of mandatory age verification as an online safety strategy. Personally, I was spending almost all my time covering the issue between late 2006 and mid-2007. The title of one of my papers on the topic reflected the frustration many shared about the issue: “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”
Simply put, too many people were looking for an easy, silver-bullet solution to complicated problems regarding how kids get online and how to keep them safe once they get there. For a time, age verification became that silver bullet for those who felt that “we must do something” politically to address online safety concerns. Alas, mandatory age verification was no silver bullet. As I summarized in this 2009 white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” all previous research and task force reports looking into this issue have concluded that a diverse toolbox and a “layered approach” must be brought to bear on these problems. There are no simple fixes. Specifically, here’s what each of the major online child safety task forces that have been convened since 2000 had to say about the wisdom of mandatory age verification:
2000 – Commission on Online Child Protection (“COPA Commission”)
“[Age verification] imposes moderate costs on users, who must get an I.D. It imposes high costs on content sources that must install systems and might pay to verify I.D.s. The adverse effect on privacy could be high. It may be lower than for credit card verification if I.D.s are separated from personally-identifiable information. Uncertainty about the application of a harmful to minors standard increases the costs incurred by harmful to minors sites in connection with such systems. An adverse impact on First Amendment values arises from the costs imposed on content providers, and because requiring identification has a chilling effect on access. Central collection of credit card numbers coupled with the “embarrassment effect” of reporting fraud and the risk that a market for I.D.s would be created may have adverse effect on law enforcement.”
2002 – Youth, Pornography, and the Internet (“Thornburgh Commission”)
“In an online environment, age verification is much more difficult because a pervasive nationally available infrastructure for this purpose is not available. […] Note that each of these [age verification] methods imposes a cost in convenience of use, and the magnitude of this cost rises as the confidence in age verification increases.” (p. 63-4)
2008 – Safer Children in a Digital World (“Byron Review”)
“[N]o existing approach to age verification is without its limitations, so it is important that we do not fixate on age verification as a potential ‘silver bullet.’” (p. 99)
2009 – Internet Safety Technical Task Force (ISTTF)”
Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness. Any system that relies on remote verification of information has potential for inaccuracies. For example, on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s. Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records. Any system that focuses on third-party in-person verification would require significant political backing and social acceptance. Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.” (p. 10)
2009 – “Point Smart. Click Safe” Blue Ribbon Working Group
“The task force acknowledges that the issues of identity authentication and age verification remain substantial challenges for the Internet community due to a variety of concerns including privacy, accuracy, and the need for better technology in these areas.”
2010 – Youth Safety on a Living Internet: Repost of the Online Safety and Technology Working Group (“OSTWG“)
“There is no quick fix or “silver bullet” solution to child safety concerns, especially given the rapid pace of change in the digital world. A diverse array of protective tools are currently available today to families, caretakers, and schools to help encourage better online content and communications. They are most effective as part of a “layered” approach to child online safety. The best of these technologies work in tandem with educational strategies, parental involvement, and other approaches to guide and mentor children, supplementing but not supplanting the educational and mentoring roles.” […] “age verification is not only not effective but not necessarily advisable. There was some evidence presented to the (ISTTF) Task Force that it might actually endanger youth by keeping adult guidance or supervision out of online spaces where peer-on-peer harassment or cyberbullying could occur.” (p. 7, 27)
This makes it clear that there is near-universal consensus that mandatory age verification is not the smart path forward. In my closing statement to the Harvard Berkman Center Internet Safety Technical Task Force, of which I was a member, I actually went even further and argued that mandatory age verification represents a dangerous solution to concerns about online child safety because it:
- Won’t Work: Mandatory age verification will not work as billed. For the reasons detailed below, it will fail miserably and create more problems than it will solve.
- Will Create a False Sense of Security: Because it will fail, mandatory age verification will create a false sense of security for parents and kids alike. It will lead them to believe they are entering “safe spaces” simply because someone has said users are “verified.”
- Is Not a Background Check: Moreover, even if age verification did work as billed, it is important to realize it is not synonymous with a complete background check. In other words, even if the verification process gets the age part of the process right, that tells us little else about the person being verified.
- Is a Grave Threat to Privacy: Mandatory age verification is dangerous because it would require that even more personal information (about kids, no less) be put online at a time when identity theft and privacy violations continue to be a major concern.
- Will Seriously Misallocate Resources: Devising and enforcing age verification regulations might also divert valuable time and resources that could be better used to focus on education and awareness-building efforts, especially K-12online safety and media literacy education. Moreover, it might divert law enforcement energy and resources away from policing serious crimes or more legitimate threats to children
I went on to post “10 Questions about Age Verification that the AGs Must Answer” if they continued their foolish pursuit of this misguided silver bullet (non-)solution. Instead of repeating them all here, I have simply appended my closing statement to this post. [see Scribd embed below].
In closing, I remain convinced that nothing on the ground has changed since back then. All the traditional age verification schemes remain highly flawed, and the more sophisticated age verification systems (tapping school records and using biometric identifiers to create “digital passports,” for example), would have rather obvious downsides and still not likely be effective in practice. In the end, there is simply no substitute for an education and awareness-based approach to online safety that relies on parental mentoring, digital literacy / digital citizenship, and better social norms and self-regulation. Techno-silver bullets will always fail.
ISTTF Thierer Closing Statement
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.