Age verification supporters have been proven wrong at every turn and the Discord breach is just the latest example.
Age verification technology is destined to be a broken technology. This has held true since the early days of this debate and continues to remain true to this day. While age verification being as broken technology as perpetual motion machines has been the reality, age verification supporters are continuing to use the power of belief to will such technology into existence. After all, magical thinking fixes everything, right?
Throughout the debate, however, as the talking points keep going down in flames for age verification technology, supporters of age verification supporters simply move the goal posts and continue on to say that government mandated age verification is the way to move forward. This has happened so many times that it has become a routine development in this debate.
In the earliest of days, the argument was that age verification is just a reasonable solution to the problem of children accessing adult content. This was shot down when research found that there are flaws in the technology.
In response to that, the goal posts were moved and age verification supporters argued that the independent research is wrong. The real research, ones generally produced through press releases from the companies that stand to make a fortune off of this, is the accurate ones. If you can’t trust a press release from a shady company, what can you trust?
When the criticism came up that this is an Orwellian surveillance system the government can use to track people’s online movements, the goal posts moved again. Supporters pushed the narrative that this is just for porn websites. The regular open web won’t have such required checks, so it totally isn’t an unconstitutional thing.
That’s when the laws began dropping language surrounding the percentage of content being adult content when it became unworkable to simply have that requirement. So, the goal posts moved again for age verification supporters, saying that all websites have some forms of content that shouldn’t be viewed by minors, so all platforms should have this technology. Don’t worry, though, it’s only for the restricted content. The rest of the platforms won’t require such checks.
Then, lawmakers began pushing for whole platforms to have the age verification checks. In response, age verification supporters moved the goal posts again, arguing that this really is just standard practice and that you should just stop complaining because this is the world we live in now.
Criticisms started cropping up that these checks are easily circumvented by things like VPNs. In response, age verification supporters moved the goal posts again and started coming up with multiple excuses. One of those excuses is that people are too stupid to understand VPN technology, so it’s no big deal. Another excuse that was thrown out was that Artificial Technology and facial recognition technology (sometimes confused as being one and the same) was going to come to the rescue and solve those problems.
When research uncovered the heavy flaws of both such as the higher inaccuracies for indigenous and black people (among others) along with the fact that the technology becomes increasingly inaccurate the closer to the target age you get, that’s when the all too familiar scraping sound rang out again. Age verification supporters moved the goal posts again with some arguing that the technology doesn’t have to be perfect, but rather, “good enough”. High accuracy is perfectly acceptable, after all.
Criticisms were also sparked about the privacy concerns about the technology. Specifically, you can’t have high accuracy while still retaining the users privacy. Age verification supporters argued that you can walk and chew gum at the same time. After all, the companies said the technology does both, so who are we to question people with the same level of credibility of your average snake oil salesman?
Yeah, that’s when the stories surfaced of leaks, breaches, and hacks started surfacing. The usual scraping sounds then commenced. As a result, the story this time is that those were bad systems. No major platform online would ever allow something like that to happen. After all, they follow “industry standard” (whatever the hell they think that means) and modern technology includes “double blind” standards. As long as the right technology is employed, then the technology is sound.
That’s about when the XVideos scandal broke out. The “industry standard” “double blind” pinky swear this is a privacy respecting system was busted tracking which URLs users were visiting. The goal post moving excuse this time? Well, this is a one off that won’t happen again.
That’s when the Discord data breach happened, exposing government ID’s for at least tens of thousands of users.
Put your hand to your ear, it’s that scraping sound that you hear!
So, what’s the excuse this time? Apparently, it’s just one company doing over-retention. Yup, that’s the ticket. They didn’t nerd hard enough. The technology is sound, but it’s the platforms not doing enough to ensure the system is secure. From Biometric Update:
PC Gamer notes the connection to age assurance regulations in the UK and elsewhere, but neglects to note that the storage of ID documents is not mandated or recommended by any of these authorities.
The over-retention of data was even specifically called out in the final report on Australia’s Age Assurance Technology Trial, which was came out at the beginning of September.
PCMag notes the loosely-organized hacker group “Scattered Lapsus$ Hunters” has claimed responsibility for the attack.
Um, I hate to break it to Biometric Update, but the UK does, in fact, have data retention laws:
To comply with the administrative and legislative requirements described above, a retention period for the data based on one of the options listed below needs to be agreed with the Records Management Team and the Senior Departmental Records Officer (DRO).
The retention period is defined as the specified time following the last entry, financial year, case or project closure or the date the data is superseded, depending on the type of data and or its context.
There are laws out there that do require the storage of personal information for a period of time. So, Biometric Update is very obviously wrong about the assertion that there are no retention laws when, in fact, there are.
At any rate, the excuse seems to be that this is a case of “over-retention” and that if this technology was properly deployed, this isn’t a problem. The fact that data is retained was simply a case of the platform or third party just not nerding hard enough… apparently. So, I guess that’s where the goal posts have been moved to at this point.
We can come up with all sorts of excuses for everything, move the goal posts, and still pretend that age verification systems is still a sound idea… or, we can just cut the crap and admit that government mandated age verification for all is a broken technology. Always has been broken technology and always will be. After all, you can’t combine perfect surveillance with perfect privacy. That’s not how the real world works. No amount of wishful thinking is going to change that. Since age verification supporters are going to conjure up an endless list of excuses and continually move the goal posts, I guess we’ll be left with the duty of rolling our eyes when the next scandal has them trying to drum up something else for their next apologist tour.
