Yesterday, the Australian Government released the eSafety Commissioner’s long-awaited roadmap for age verification for online pornography. We are pleased to see that the federal government will not force websites to implement age verification as a result of concerns about privacy and the lack of maturity of the technology.
Age verification is rife with privacy and digital security risks, as well as critical effectiveness and implementation issues. We welcome this sensible announcement from the Australian government.
We have been fighting this proposal for close to three years. Over that period, we made eight submissions related to online safety and age verification, advocated in the media, participated in many consultation roundtables and workshops with government and industry, and collaborated with other privacy and security advocates, researchers, and community groups.
This win shows that when we raise the alarm and put pressure on government we can stop harmful and invasive tech policy proposals. We need to keep up the fight to protect human rights, wellbeing and safety.
Online safety is a highly politicised area, replete with plenty of troubling tech ideas — from attempts to undermine end-to-end encryption to broad powers for content takedowns to proposals for client-side scanning. This isn’t the first time that an invasive and flawed approach like age verification has been proposed, and it likely won’t be the last. With your ongoing support, we will continue to watch for, and fight back against, infringements on our collective digital rights.
This advocacy work would not be possible without donations from our supporters. If you like this work and want to see more, please consider making a donation so we can keep going!
Digital Rights Watch advocates against age verification in the media
- ‘The challenge of an adult internet‘, ABC Life Matters, 22 May 2023
- ‘Privacy groups say IDs with online age-verification is ‘invasive,’ ‘risky’‘, International Association of Privacy Professionals, 3 November 2022
- ‘What If Hackers Could Find And Share Your Porn Viewing Habits?‘, Junkee, 3 November 2022
- ‘Online age-verification system could create ‘honeypot’ of personal data and pornography-viewing habits, privacy groups warn‘, The Guardian, 31 October 2022
- ‘Australians Could Soon Have to Prove Their Age Before Watching Porn‘, VICE, 9 February 2022
- ‘Govt urged to drop online age verification push‘, InnovationAus, 21 December 2021
- ‘Age verification will be mandatory for social under govt tech crackdown‘, 25 October 2021
Timeline
- February 2021 – Online Safety Bill introduced to parliament. Digital Rights Watch creates an explainer for the public, and makes a submission highlighting our initial concerns.
- February – March 2021 – the Online Safety Bill is referred to a Senate Committee. Digital Rights Watch makes another submission, and appears at a parliamentary public hearing to give evidence.
- March 2021 – Digital Rights Watch teams up with Scarlet Alliance and AssemblyFour to publicly campaign for improvements to the Online Safety Act, and develops a guide to help people contact their MP.
- June 2021 – Government calls for eSafety to develop an implementation roadmap for mandatory age verification regime for online pornography
- 23 June 2021 – Online Safety Act passes
- August 2021 – Public consultation on the Restricted Access Systems discussion paper. Digital Rights Watch made a submission, highlighting the digital rights issues related to Restricted Access Systems as well as Age Verification systems.
- August – November 2021 – Public consultation on the draft Basic Online Safety Expectations (BOSE). Digital Rights Watch created an explainer on the BOSE, as well as a submission.
- October – November 2021 – a second round of consultation on the Restricted Access System declaration, Digital Rights Watch made another submission.
- December 2021 – March 2022 – Parliamentary Inquiry into Social Media and Online Safety. Digital Rights Watch made a submission emphasising that age verification creates more harm than good.
- December 2021 – Consultation on the draft Online Privacy Bill, which would have created a requirement for social media companies to verify the age of their users. Digital Rights Watch made a submission highlighting the privacy and digital security risks of such a proposal.
- April 2022 – eSafety runs working groups to establish minimum standards for an age verification regime, Digital Rights Watch participates.
- March 2023 – eSafety delivers the age verification roadmap to the Australian Government
- August 2023 – Age Verification roadmap published, Australian government decides against implementation of age verification.
Age verification does more harm than good
Age verification is privacy-invasive, which undermines the objective of reducing online harm. Most forms of age verification require the provision of additional personal information in order to be effective. Incentivising companies and government agencies to collect, use and store additional personal information in order to conduct age verification creates additional privacy and security risk, which in-turn can exacerbate online harms.
Age Verification and Restricted Access Systems have been considered in Australia and overseas in the past but have failed to be implemented due to their overreach, blunt approach, unreasonable impact upon individual’s privacy, and the creation of adverse digital security risks.
We are concerned that any of the existing approaches to age verification will require the provision of personal information that goes well beyond proof-of-age. There are significant, if not insurmountable, challenges to implementing age verification in a way that is both effective, as well as minimising privacy and security risk.
Mandatory age verification is likely to act as a deterrent for many adults accessing legal content, and may prompt people of all ages toward less safe and secure internet services in order to circumnavigate providing personal information. Further, we remain concerned that many of the current approaches to AV are relatively easily bypassed, for example, by use of a Virtual Private Network (VPN).
The combination of these factors are likely to result in a system which is unduly invasive in data collection, creates new privacy and security risks by holding information on individuals, and yet is unlikely to be effective at preventing people under the age of 18 from accessing restricted content. We are therefore concerned that the outcome will be a system that is not simply ineffective but actively harmful.
There are many technological approaches to age verification. For an overview of the most common proposals and their pitfalls, see pages 7-10 of this submission.