Hi All,
The legislation regarding Age Verification online is due to come into force shortly. I’ve been doing some thinking around the subject, regarding where responsibility lies with protecting what children can view online. Having seen some discussion on Twitter its prompted me to write this down. Government regulation has already started in this space but still has a long way to go, so maybe something pro-active from our part is required here.(An important note here; I’m not referring to protecting children online from threats, I’m talking about restricting what they can see online.) From what I’m thinking, there are a few different parties here: 1 - The Parents - They are an obvious party here, they have legal guardianship of their children. 2 - Software Developers - They make the software children use to get online, I’m including Operating Systems (Windows, Mac OS, iOS, Android etc.) along with Web Browsers (Chrome, Safari, Opera, Firefox etc.) 3 - Service Providers - We provide the connectivity between the child’s device and the internet. Most ISP’s also provide DNS for their customers so we know what the customer wants to visit. 4 - DNS Providers - Speaking of DNS, there are few companies offering free DNS services (Google, Cloudflare, GCA, OpenDNS etc.) 5 - Teachers - Schools already play a role in teaching children what is and isn’t safe online. Although it’s worth noting they have no legal rights here. 6 - Operators of VPN’s with low-bar barriers to entry that are designed to circumvent legislation 7 - Another group I haven’t considered yet. There is a group I haven’t mentioned above and that’s government. Government obviously plays a role here, BUT… They have no direct involvement here. They can regulate but the regulation would apply to one or more of the groups above. For example government can create a block list (and if one is created, they should take the risk here) but it’s useless without someone to implement it. Then, who pays for it? There’s no doubt this comes with extra costs and that has to be paid for somehow. There’s reputational damage to be considered here as well. Some will love this move and see it as a positive step, others will hate it and call it censorship. We also have to think about the ability to configure something like this. Groups 2,3 and 4 I think we can all agree are fine here. But from my time working help desk I know that groups 1 and 5 might struggle. The ability to circumvent these measures is also important. We all know if we’re faced with DNS blocking, we just change resolvers to one that doesn’t block. Does this mean we just give up? Or do we try make a dent in the problem and re-group after. It might be worth taking stock of where we are the moment (technology / knowledge wise) to see if this is something where existing standards could be used or if something new has to be designed. I’m going to leave out my thoughts here and open it up to some discussion. What are your thoughts around this subject? I think we’re beyond the point of just leaving this for another day, governments and public opinion is changing and we can’t just ignore it anymore. Either we start looking into self regulation or assisting the other groups in helpful ways or we’ll end up with backwards thinking regulation being imposed on us as an industry. Nb, the above is a collection of my personal notes and does not necessarily reflect the views of my employers. Regards, Hal
