Some players see publicity and support for the NSPCC Childline campaign announced on Tuesday as a potential threat to the “freedom” of the Internet. Others see it as an opportunity to rally support for activities to help provide children, families and silver surfers with freedom from fear and abuse over the Internet.
Both are correct.
Technology has moved on over recent years and ways to reconcile security and privacy are becoming increasingly practical. But they have yet to be effectively used. This is partly because of muddled and misinformed debate between players with very different agendas (from surveillance and “security” to privacy and “civil liberties”) and with different levels of understanding. The consequent potential for confusion can be seen with the range and variety of players concerned about child safety issues within the UK alone.
The overall effect is an erosion of trust in the Internet as a safe place to learn, play or make money: whether you are child, a parent, a silver-surfer, an employer – or anyone else without state-of-the-art information security expertise.
That is not good for business.
I have recently been privileged to sit in on some of the discussions that led to the formation of a working group that is trying to make practical progress on one of the points of leverage: a standard for processes which enable robust, consent-based, confidential age verification. , i.e. without the need to ask intrusive and unnecessary questions.
Seven years ago such an approach was probably not practical. Today the problems are more to do with the all-too-common practice of collecting information that is not needed for the service or transaction in question, but might be “valuable”, without considering the possible consequences . There is, however, growing evidence that asking unnecessary and intrusive questions costs paying customers. Some years ago a British Retail Consortium survey indicated that the cost of lost business, because of intrusive security, accounted for more than half the cost of e-crime, including the amount spent on information security. Recent data indicates that the proportion of transactions abandoned as questions become more intrusive is rising.
Hence the desire of those running commercial on line transaction services operations to be able to use reliable third party verification services, in order to avoid the need to ask unnecessary questions. An invaluable first step, for most, is the ability to verify age, (e.g. old enough to buy a drink or qualify for a bus pass or young enough to get a discount) independently of identity.
The UK is on the cusp of defining processes to underpin the roll out of scalable, viable, cost effective, age verification solutions, built on the principles of ‘verify once, use many times’. The next step is to turn these into internationally recognised interoperable standards, supported by certification programmes that define liability models.
The process is currently being driven by those required by their respective regulators to do age checks. However, wider support for the approach is such that the time has come for social networking platforms, data aggregators and advertisers to also re-visit their attitudes towards age verification. The aim should not just be to ensure compliance with current or future legislation designed to protect children on-line, but to facilitate the confident use of on-line services by all age groups.
The working group already brings together representatives of the on-line gambling, adult entertainment, tobacco, on-line dating and vaping (e-cigarettes) industries and aims to engage with the alcohol industry and educational network operators, as well as those concerned with child protection, silver surfers, social inclusion and, of course, with crime prevention.
Details of the C-Plan for “consent -based, confidential, on-line age verification” and a summary of those involved can be found on the Digital Policy Alliance Website. The group is actively recruiting so as to ensure that all relevant stakeholders are engaged.