Ivo Vegter: Global laws threaten to erode online privacy for imagined safety

Governments worldwide are enacting laws under the guise of protecting children online, requiring intrusive age verification for accessing adult content. Spain’s policy mandates using government-issued digital IDs, risking privacy. Similar measures in Canada and the US propose ID checks, raising security concerns. Critics argue for better education over ineffective, privacy-threatening regulations.

Sign up for your early morning brew of the BizNews Insider to keep you up to speed with the content that matters. The newsletter will land in your inbox at 5:30am weekdays. Register here.

Join us for BizNews’ first investment-focused conference on Thursday, 12 September, in Hermanus, featuring top experts like Frans Cronje, Piet Viljoen, and more. Get insights on electricity and exploiting SA’s gas bounty from new and familiar faces. Register here.

By Ivo Vegter*

A spate of laws are being written to undermine privacy and anonymity on the internet, all supposedly to “protect the children”.

A new policy in Spain, entitled “National Strategy for the Protection of Children and Adolescents in the Digital Environment”, is set to implement an extraordinary system to enforce age verification for access to adult content online. (Spanish article here.)

Adult Spaniards interested in a bit of racy entertainment must now add electronic credentials to their government-issued digital identity wallet that entitles them to thirty adult entertainment login sessions, valid for thirty days, usable a maximum of three times on the same platform.

The Spanish government has assured citizens that the digital credentials will not expose their identities to the web sites they are visiting. That will be cold comfort to Spaniards when they realise the government will now have a perfect record of their masturbatory habits.

“There may be ways to circumvent this solution,” the government admitted, which means that wayward youth certainly will circumvent this solution, and the sacrifice of privacy will be for nothing.

After all, tell a teenager there is forbidden fruit behind a locked door, and they will be doubly motivated to gain access. Banning things, or blocking access, makes kids interested in things they would otherwise ignore. It has been thus ever since ‘blue movies’ were first made and rented out under the counter.

As a teenager growing up in South Africa, I acquired books and albums that I otherwise might not have been aware of because they were banned.

Read more: Gen Z take on Big Tech: Youth activists driving change in social media safety legislation – Amanda Little

Age verification methods

In Canada, the opposition Conservative Party is sponsoring a private member’s bill that would require age verification for people to access pornography online. Unlike in Spain, Canadians do not have a government-issued identity document, and the bill does not specify exactly how Canadians would go about proving their age online.

All the likely methods, however, would compromise the safety of citizens. They might use photo IDs such as a driver’s licence, passport, or Ontario’s age of majority card. They might simply use a photograph which is analysed by artificial intelligence to estimate age. Or they might use a credit card, on the presumption that children don’t have access to credit cards.

That presumption is, of course, incorrect.

All of the above are fairly trivial to bypass – witness the fake driver’s licence industry in the United States that exists not to allow unlicenced people to drive, but purely to procure alcohol for under-21s.

A photo of a photo-ID that proves majority is even more trivial to obtain. There is no way to verify that the ID actually belongs to the person verifying their age.

All of the above also pose significant security risks, even when used only on websites that are presumed to be “safe” (which most adult content brands are not).

There is hardly an entity, public or private, that hasn’t been subject to a data breach since the advent of the internet. Keeping one’s identity – and money – safe online is a matter of limiting who has access to sensitive documents and information.

Australia is also considering mandatory age verification online, to block access for minors to adult content including betting and perhaps social media, based on a report emotively entitled Protecting the age of innocence.

That report includes wonderfully ironic lines such as: “…consumer credit agency Equifax submitted that ‘strong privacy controls will be critical’. Equifax offered the following points for consideration…”

This is the same Equifax that in 2017 compromised highly sensitive records of 147.9 million Americans, 15.2 million British citizens and about 19 000 Canadians. The US blamed Chinese government hackers, but the damage was done.

The United States, too, both at federal level and in individual states, is mulling online age verification for a range of sites, including social media and pornography.

Online harms

Of course, the potential risk of harm to children is real. “Think of the children,” is an emotive appeal that is intended to shut down rational debate, but that children face some risks is not in dispute.

The question, however, is first, whether these schemes, often concocted by technically illiterate politicians, will work; and second, whether the violation of privacy that would affect everyone, under-age or not, is worth any putative reduction in risk.

Age verification is not the only way governments the world over are trying to mitigate real and imagined harms to children.

Proposed laws Europe, the US, Australia, and the United Kingdom all risk requiring companies to break encryption in pursuit of child safety.

“[A]nti-encryption regulation threatens the right and freedom of journalists, abuse victims, human rights activists, opposition politicians, and even lovers, to speak and love freely,” writes economist and futurist Bronwyn Williams.

Read more: 🔒 Online ‘sextortion’ scheme targets teens, prompts suicides and FBI alarm

Vague terms

Williams recently penned a report for the Institute of Race Relations in which she analyses the legislation of several countries, including South Africa, that allows governments to surveil and censor private citizens.

The UK, for example, requires technology platforms and social media companies to protect its citizens from nebulously defined “harms”. Such harms include giving offence and impairing someone’s mental health, both of which are highly successful and almost impossible to prove or disprove.

Failure to comply to the satisfaction of the government could cost these companies fines of 10% of global revenues.

Such extraordinary fines will surely motivate companies to voluntarily censor users, on behalf of the government, and err well on the side of caution. The chilling effect on online speech, and the unwarranted violation of the rights of adults to engage with adult content, is all too obvious.

South Africa’s laws, which include the Regulation of Interception of Communications Act (RICA), the Film and Publications Act, the Cybercrimes Act, and the recently passed General Intelligence Laws Amendment Bill, likewise grant the government extraordinarily broad powers “to infiltrate and intercept practically any aspect of civic life the government desires to keep tabs on”.

It relies on equally vague terms, such as “national security”, “national interest”, and “harm”.

It is a truism that if government has access to your private data, then so does the criminal underworld. No government is safe from data breaches. Neither are the major technology platforms and social media networks.

The potential for abuse of private information, especially when it includes potentially embarrassing data such as records of accessing adult content, is enormous.

Ironically, such information can be used to blackmail people – including children – into further compromising their online safety, through financial or sexual extortion schemes.

That’s not to mention the politicians, religious leaders, teachers, judges and other worthy burghers who might find themselves caught with their pants down due to a simple data breach.

Read more: Scott Dunlop: Online safety for kids is just plain common sense

Moral panic

Much of the overt motivation for invasive laws such as these are grounded in exaggerated moral panics, and an almost religious obsession about the supposed ‘purity’ and ‘innocence’ of children.

Yet the best way to keep children safe online is simply to educate them well.

Research conducted in Australia found that while young people and their parents generally support age verification in principle, they think it likely would not work, and said “more safety education, face-to-face dialogue, and accountability from social media companies would be better approaches to keeping young people safe online”.

The researchers included some quotes from actual children.

One said: “I feel like in the case of lot of controlling parents it would be bad for the kid because then if the parents are controlling and they don’t have any social media to talk to people, I feel like that could negatively impact the kid. Maybe they’d get lonely, or they wouldn’t be able to use it as an outlet.”

Another said: “But if I would say that I was OK with it, I think I’d be lying. Because, I’m a really private person, privacy really matters. And yeah, I do think to be safe, I think we really should be having our own privacy as well.”

Others noted they could find ways around age-verification tools: “It would be simple just to get a VPN and change my country if it was going to create this obstacle.”

Parents weren’t comfortable, either. One said: “I mean depending on what kind of site it is would you be comfortable providing your passport information or your driver’s licence?”

Another added: “Well, it certainly makes you think about it a lot more. What are they using that data for? Is it really just for age verification, or is it for something more nefarious?”

Children aren’t stupid, and by the time they’re teenagers, they’re far from the innocent angels that moralisers assume them to be.

Talking to them about online safety is far more effective than trying to put in place technical hurdles that are easy to evade, entail serious privacy risks in and of themselves, and are easy to abuse by government, corporations, and criminal enterprises alike.

It seems rash to sacrifice everyone’s privacy, online anonymity, and safety in pursuit of flawed and easily circumvented schemes to mitigate the risks of bad parenting.