The Government hopes that minors cannot access adult content on the internet. This Tuesday the Council of Ministers approved a plan to protect minors from porn on the internet. One of the measures is a app or digital device that allows confirming the age of users who want to enter a specific page.
The Spanish Data Protection Agency (AEPD) presented a proposal in December to demonstrate that there is already technology that allows it. “It is a pilot project that we hope can be presented in the summer of 2024,” the Minister of Education and spokesperson, Pilar Alegría, said on Tuesday after the meeting of the Minister council in which it was agreed to implement this plan.
Access to pornography by minors is an issue that worries Spaniards and that fits with a new trend that wants to delay the first mobile phone of adolescents. It is far from being a solely Spanish concern: France approved mandatory age controls for pornography on-line In 2020, several US states have taken down the main porn pages, the United Kingdom is also looking for a technological solution to know the age of who accesses certain pages and Italy has imposed parental control on minors' mobile phones on operators. And no one has found a remedy that does not cause problems.
Experts view all these movements with great skepticism. The technological solutions seem ideal on paper until someone starts typing code to develop the tool, something that the Government does not clarify at this time. And when the solutions are put into action, new dangers and unexpected scares suddenly appear.
This is how Minister Alegría has described the possible operation of this future app: “I am an adult, mother of a minor, I have a mobile phone, if at any time I wanted to access some content on a page for adults, this application would recognize me and, therefore, I would have the possibility of browsing the pages. different pages. However, if my 10-year-old minor son used that same mobile phone, the application would recognize him and make it impossible for him to access it.”
This simple explanation, which would seem reasonable to any parent, sets off all the alarms for privacy experts. “Although in theory there could be a technical solution that simply says yes or no to whether a person is of legal age, based on identity documents, this is technically very complicated and requires trust that additional information is not shared,” warns Ella Jakubowska. , platform senior policy advisor European Digital Rights. “I'm not aware of this ever being done successfully,” she adds. Spain would be a pioneer in closing this access without generating additional risks.
1. Where are the details
A technological solution to a complex social problem does not exist until the details are on the table. In this case there is nothing more than some proofs of concept published in December by the AEPD, which puts the development of the tool in the hands of the National Currency and Stamp Factory (FNMT). Neither of the two organizations wanted to clarify to EL PAÍS more details about the program or its development and limit themselves to pointing out that “the FNMT technology teams are working.”
“It all depends on the implementation,” says Carmela Troncoso, a professor at the Federal Polytechnic University of Lausanne. “Without details it is difficult to say anything. Can you ask them for the code? The specifications? A white paper [informe técnico]? “Something?” he adds.
The AEPD has published three videos with its evidence, but they do not clarify anything: “It is a video with a person who puts something on a phone and a website does something else. I don't know what they send, what they don't send, who sees it, what they do, zero information,” adds Troncoso.
There are specialists who see it as a “warning to sailors.” The AEPD has already issued two fines for lack of details about age, because there is already applicable legislation: as the Government recalls, “the Audiovisual Communication Law requires providers of pornographic videos to establish age verification mechanisms.” And with this new plan, the industry would be expected to understand that it is now serious. “The technicians I work with have seen the little data that there is from the proofs of concept and say that it is very green, that they have jumped into the pool,” says Borja Adsuara, lawyer specialized in digital law and director of Red.es in 2012-13. “They made the presentation because they wanted to send a warning to sailors. Since everyone says that there is no technology available, they have done these proofs of concept to show that there is already beginning to be available,” he adds.
2. In the hands of third parties
The request for technical details is not a whim of punctilious computer scientists. The famous contact tracing was for a few months in 2020 a discussed salvation for the pandemic: the Radar Covid application. In the end it came to nothing, even though two of the largest technology companies in the world were behind that project, Apple and Google, and it even had a considerable security hole.
The AEPD pilot test foresees that an external entity, in its case the National Currency and Stamp Factory, verifies the age of a user and shares only that data with the adult content page. This would prevent the page from knowing the identity of the user and, of course, it would not have access to their ID (in the US, for example, users in some states must upload their ID to enter porn websites). But the person who would know the browsing history would be the verifying entity. The EU is preparing a regulation called eIDAS2 that provides for the existence of these services for digital identity, which has generated considerable debate among experts. on how those entities should be defined.
“The verifying authority could infer the user's browsing history,” warns Narseo Vallina-Rodríguez, researcher at Imdea Networks. “There is no software completely safe, and that is why it is important to carry out a cautious risk analysis and demand that a full audit of these systems be allowed to avoid debacles like those that occurred with contact tracing against covid. In the United Kingdom, it is established that platforms can use biometric verification, through facial features, of the age of the potential user.
The intervention of other entities that are neither the user nor the platform adds complexity and opportunities to bypass control: “Many solutions use third-party services that need to know the user's identity, and that could link it to the content they access, which is unacceptable,” says Juan Tapiador, professor at the Carlos III University. “It is also a supposed solution in which many elements are involved: the device and its operating system, the app or age verification service, one or more third parties that provide identification or certification services, the content that is accessed that someone has to indicate as inappropriate. That chain certainly has one or more weak links where it can break,” he adds.
3. Age control is (also) a business
If age control requires the intervention of third parties, it is difficult to think that they would dedicate their resources without receiving anything in return, whether they are companies or other types of organizations: the Yoti company or the Global Association of Age Verification Providers.
“A particular concern is how much the industry is pushing this agenda, which is worth billions around the world. They say everything is for the safety of children, but we are rushing towards an internet child proof without stopping to consider whether that is what we really want and whether we can trust those who sell these solutions”says Janukowska. “Lawmakers need to take time and consider the risks involved with age verification.”
4. Decisions have unforeseen consequences
If anyone believes that these measures will not provoke multiple and varied user strategies, it is because they know little about how things develop on the Internet: Tor, VPN or proxies They are very widespread solutions to access restricted pages for some reason. “In our research we have found that all age verification methods are susceptible to being deceived or circumvented,” says Jakubowska.
Also, depending on the solution, it is easy to imagine the creation of a black market for certificates or users using third-party devices. “I think the first thing that will emerge is going to be a black market for certificates,” says Troncoso.
There is a popular rule on the internet called “rule 34″ which comes to express that there is porn for any reason imaginable. There are pages that are explicitly pornographic and whose limitation is easy. But what would happen to Reddit, Tumblr or X (Twitter), which also contain porn along with other things? Or the thousands of remote pages that hide degrading porn? Will there be a label that marks all the adult content in the world? Who classifies the pornographic, the violent?
“Some sites, especially the less scrupulous ones, would ignore regulations and make their content available to anyone,” says Steven Murdoch, a professor at University College London. “Countries could try to block these sites, but people will find an easy way around it,” he adds.
We must also assess what users from other countries who arrive in Europe or Spain would do without their created identity. Will a tourist have to create one to access porn in his hotel? Will it be a new requirement, like accepting some cookies?
As if that were not enough, a change to Internet access would necessarily entail another type of network: “The idea of moving towards an Internet where certain attributes must be accredited to access content generates distrust, because that same technology could be used for secondary purposes. ”says Tapiador.
It is evident that third-party verifiers could access the identities and share them: “It is a digital certification system for any personality attribute,” says Adsuara. “Age is one, the pseudonym for example is another. If a judge were investigating a crime he could ask the trusted third party who is behind a pseudonym.” The danger of leaks or hacks with explicit navigation data it is also inevitable.
5. A political decision on censorship
Ultimately, the experts conclude, this solution will depend on political rather than technical decisions: “If you have to prove things to browse the Internet, you open the door to censorship and control and totally change how we function,” defends Troncoso. The definition and scope, for example, of what porn is will not be up to the technicians. Once this ban is opened, it can be extended to other presumably harmful aspects, such as violence or hate messages. The debate widens a lot.
“The question of who decides at what age young people can access certain content is complicated and goes far beyond technology,” says Jakubowska. “Young people are not all the same and there is a risk that, with governments pushing for more age control, we will see many services begin to offer services only for adults, because it is easier than trying to comply with the requirements they put on them. when they offer services to young people.”
You can follow EL PAÍS Technology in Facebook and x or sign up here to receive our weekly newsletter.
Subscribe to continue reading
Read without limits
_
#Experts #warn #dangers #difficulties #Government39s #antiporn #39app39 #achieved #successfully