Age Verification is Now Mutating into General ID

Surveillance creep is once again striking in the age verification debate. This is happening at the FCC this time.

Throughout the age verification debate, one of the patterns I have noticed is what many refer to as “scope creep”. Scope creep is where requirements of something keeps expanding beyond the original intent. Age verification has been a spectacularly great example of what happens when this enters into the realm of government policy.

In the early days of the age verification debate, age verification was supposed to only apply to dedicated pornographic websites. That meant that requirements were put in some laws around the world where the website needed to have a certain percentage of “pornographic content” in order to be put under the scope of the law. Those surveillance and censorship prototypes had a number of flaws associated with it (a number of those flaws continue to this day). One of those flaws was how we define “pornographic content”. Very often, the answer is that this was not very well defined. This was by design because the ulterior motive was to crack down on the LGBTQ+ community in general by defining anything related to them (be it support groups or otherwise) as “explicit” or “pornographic” content. A second flaw, of course, being that it is an unconstitutional mess targeting specific websites.

One of the things I argued early on is that this was going to be the beginning of government censorship. This is because once you start getting into the business of censoring one kind of website, others become vulnerable to mass government censorship and surveillance like this. The precedent being that it’s OK for government to censor the internet is established and all the government has to do is keep expanding the scope from there. If the government can censor one website, they can censor it all. This prediction was initially met with confused looks and indifference partly because some people thought of this as just me being alarmist. Ultimately, however, it became one of the biggest “Drew Wilson was right” moments I’ve ever had.

It wasn’t long until the “percentage of pornographic content” part of the laws were dropped, thus expanding the scope to include all websites. Arguments how this only applies to pornographic content largely fell flat because more people saw it for the lie that this was.

From there, the age verification laws just kept expanding. The cover story about how this was all about stopping children from viewing “pornographic content” was dropped and expanded to include social media, search engines, VPNs, and app stores. The rapid expansion of the scope of what the government was alarming to say the least.

Earlier this year, when I reported on age verification getting applied to operating systems, I was surprised when I got pushback. After all, while the laws in question was supposedly demanding that people add their age to the installation of their operating system manually, it represented the opening of a new front with government trying to bake their surveillance and censorship directly into the device. It was a law that represented a prototype of things to come because simply typing a number into a text box is only the beginning in my view. Worth pointing out that such a law would be extremely difficult to enforce given the existence of Linux among other open source projects. It’s, again, about establishing a precedent more than anything else.

Those worries were justified, as it turns out. Reports are surfacing that age verification is mutating into general ID baked into the device. The targeted technology? Your cell phone – a more locked down and easier to regulate device. The FCC in the US is holding hearings to discuss a general ID mechanism that would identify all consumers regardless of age. All of this is under the guise of fighting spam calls. The rules the FCC is shooting for is going to be under the Orwellian name, “Know Your Customer” where people need to submit identifying information before obtaining a cell phone. The fear that this is going to basically eliminate burner phones in the market is only the beginning. From GizModo:

Among other sweeping changes, the era of the burner phone could end with the rollout of new “Know Your Customer” rules voted on by the FCC on April 30, as noted by the blog of the D.C. telecom law firm Wiley Rein. Customers would, according to the proposed rules, have to present a government ID, a physical address, a full legal name, and an existing phone number. FCC rules at this phase are not yet in force, and would not go into effect for a year after full approval. The commission is still seeking comment, and is asking to hear privacy concerns specifically.

A May 6 blog post on the website of the civil liberties group Reclaim the Net says, “The result would be an identity-verification regime covering one of the last semi-anonymous communication tools available to ordinary Americans.”

Indeed, easy access to phones for people in dire situations, such as refugees or people fleeing abusive relationships, is seen as a hugely pro-social use of the relative anonymity provided almost accidentally by low-cost prepaid phone service providers.

In addition to cracking down on anonymity, there are proposed “red flags” that may trigger scrutiny from the FCC. Using a virtual office, or certain commercial addresses when asked for a physical address, operating a website or using an email address deemed suspicious, and not being traceable to the state claimed in the address provided.

Paying for phone service with cryptocurrency could also become an FCC red flag.

“By screening new and renewing customers, originating voice service providers are in the best position to prevent scammers and other bad actors from flooding telecommunications networks with illegal calls,” the FCC press release about the proposed rule change says.

It should be painfully obvious that none of this will even remotely affect spam calls at all. Spam/scam calls typically originate overseas. Most famously, they originate from Indian scam call centres. They are routed to the US through spoofing numbers to pretend to be legitimate numbers. This way, when their number appears on Caller ID features, they look like something that resembles legitimacy, getting people to answer (to varying degrees of success). Few scammers are even located within the country. So, ending all anonymous cell phone devices within the US would do exactly jack all in stopping spam/scam calls.

As a result, it’s hard to view the concept of scam/spam calls as anything other than a cover story to further crack down on people here. Whether it is yet another tool to target vulnerable groups within the US or to establish a whole new layer of broad surveillance, it shows how age verification had exactly nothing to do with “protecting children” and everything to do with obtaining more tools to censor the internet and put ordinary citizens under tighter surveillance.

Drew Wilson on Mastodon, Bluesky and Facebook.