Facebook's response makes a good point
Why shouldn't these measures apply to everyone?
The famous "Like" button may be on the way out if a new code for social media companies, published by the UK's Information Commissioner's Office (ICO), has its way. Among the 16 rules in the consultation document [PDF] is a proposed ban on the use of so-called "nudge techniques" - where user interfaces and software are …
El Reg's report talks about nudge techniques being disabled for under 18s but The Guardian's report specifically quotes like buttons (and therefore up/downvote buttons too) being considered a nudge technique. So that really would nobble all like buttons, on-site and off-site, unless the user is logged into Facebook (or whichever social network the button belongs to) and has been age verified.
If El Reg falls under this code, commentards would need to age verify with El Reg to get up/downvote buttons and maybe even just to see the number of up/downvotes.
Although it does beg the questions, how do you measure the "most safety and privacy users" [sic], and how many people do they categorise as 'most', and what proportion of those are teenagers (and how sure are they that the ages are correct?).
Or did they just sort their list by "length of password" (that's basically the same as 'most safety', right?), and find some (purported) teenagers in the top 50%?
Mind you, I'm assuming that Facebook would say something misleading but technically correct, rather than just straight up lying.
The code makes it plain that unless the companies enact age-verification systems, the UK government expects them to extend all the changes to all users, regardless of age.
How would Facebook do this, badger users for a scan of their birth certificate shortly after signing up and close the account down if they don't upload it? They obviously can't let adult users choose to avoid all of Facebook's creepy slurping.
And as if by magic, by making Facebook's model unsustainable unless they verify everybody's age, we've suddenly got pretty close to China's Internet access card.
How are Facebook and other platforms supposed to verify whether a user is under 18?
A lot of under 18s won't have photo ID and a birth certificate is not proof of age as it is probably easy enough to mock one up in Photoshop if you really wanted to.
Also will these settings only apply while the person is connecting from the UK IP or will they be linked to their account? As if it is account based then it will soon be realised that you can sign up via a VPN or proxy from the US or other countries to avoid these restrictions.
And if they are verifying whether someone is a child or not, then they have to also verify all adults to make sure they aren't a child claiming to be over 18. And before you know it the government's age checks for pr0n sites is expanded to cover a lot more which erodes more of your privacy rather than protects it.
I can see the next stage will be issuing all teens with a government issued online ID thus getting them ready for a future where full national ID cards are tried again.
A national ID card is exactly the sort of thing I expected to start to roll out once the hard brexiteers got their way after we leave the EU.
How are Facebook and other platforms supposed to verify whether a user is under 18?
The intention, as I understand it, is that the default should be suitable for children (and sane adults) and social media firms will have to demonstrate valid, informed consent before anyone can turn on more aggressive data harvesting.
The problem for Facebook is not age verification, but that very few people will voluntarily enter their creepy world of slurp-and-stalk - and it's hard to offer incentives to do so as it's not permissible to exchange services for personal data not related to the provision of the service.
It's difficult to see how Facebook's business model is compatible with GDPR - that's going to be a more significant obstacle.
In the future, this will have gone one of two ways:
Either every company knows everything about everyone (as things have been heading)
Or, GDPR etc. promote a new awareness, and future generations will look back in horror that companies publicly did this sort of thing without employees being thrown in jail. This whole sort of thing will be illegal and morally and socially unacceptable, just like some "old time" activities are to us today. [ Of course, even in this utopia, the governments will still gather everything, for the sake of the children/counter terrorism etc. ]
Many of us old farts don't have photo IDs either! (paper driving license / passport expired)
"A national ID card is exactly the sort of thing I expected to start to roll out once the hard brexiteers got their way after we leave the EU."
I have to agree.
Incidentally, totally off subject, but why aren't expired passports valid proof of ID? I ain't expired along with it!
It is to limit the damage done by forgers overcoming security vulnerabilities in passports. As time progresses new printing technologies and RFID technology make newer passports much more difficult to forge. By only allowing unexpired passports you guarantee that proof of ID is accepted only using documents less than 10 years old.
A national ID card is exactly the sort of thing I expected to start to roll out once the hard brexiteers got their way after we leave the EU.
Actually I suspect that this is more likely if Brexit is cancelled ... remainers have made great play of the fact that the UK could reduce the number of EU migrants staying in the UK if we (like some other EU countries) strictly enforce the "after 3 months you must have a job or show evidence that you are able to pay for your own health care etc" rule (as free movement applies to workers only) and to implement this will require some way of tracking who is in the country and where they are which could well result in a "European" system of having to register at the local town hall whenever you move location.
If the UK ends up staying in the EU then I think it's inevitable that we'll have to acknowledge that an implication of this is that we are deciding that we are "European" and need to start to align ourselves with the ways things are done in the other EU countries rather than sitting on the edge saying "we're part of the EU but remember we do things differently here" ... and id cards (+ requirement to show them on request) are part of that culture (just returned from holiday in Portugal where on occasions we have been stopped by police and asked to show id which as a UK person has to be a passport)
"European" system of having to register at the local town hall whenever you move location.
Although not compulsory, you already need to do that now if you want to have a vote. If you are a buyer rather than a renter, then you must register with the local town hall. Most normal people are already easily trackable.
How are Facebook and other platforms supposed to verify whether a user is under 18?
They've already mandated an age verification requirement for a lot of Internet usage, even if getting it working is on hold again. Why should FB be any different to PH? If they require all Internet users to verify their age they'll soon manage to get to a point where they can track all Internet usage by all citizens. Which is surely their goal.
There are online identity verification services that can offer various levels of assurance as to a user's identity. These can be paired with more in-depth document matching services, for users whose identity is harder to verify automatically. The former are widely available and reasonably priced (for services that actually make money by charging some, or all, of their customers for their products). The latter are somewhat more expensive.
It's not like there aren't already regulated industries trading over the internet that have strict requirements on knowing who they are dealing with.
Facebook already "age verify" people to ensure that they are over 13 before they are allowed an account ... so they already know who's under 18. Of course, this assumes that under 18s don't use the same "put the wrong year in my date of birth field" technique that they used as an under-13 to get an account in the first place!
A very good question given the difficulty in ensuring the age given is genuine. Although I am in favour of this kind of regulation, I can see it as providing government with the thin end of an 'ID card for all' wedge.
How else to provide proof of age and identity? What would be the format and what info would be passed on to the likes of Farcebook et al?
head of the ICO, Elizabeth Denham saying in a statement: "We shouldn't have to prevent our children..."
I read that as "We shouldn't have to parent our children" at first (not had a cuppa yet). But to be honest, it doesn't change the meaning or intention of the statement a whole lot either way. Kids aren't stupid, or at least they are no more stupid than the average adult. People in general will take the path of least resistance, they don't change defaults unless it is to allow something that they are being prevented from doing. If people still get the same 'experience' from their side, then tightening up privacy in the background is a good thing. It really should be across the board though, not just for kids.
This is the sort of answer that needs to be given to Facebook, as per a Singaporean Government committee last year on this YouTube video, which proceeds for about 3:30 minutes past the linked point.
And in a clear poke in the eye to Facebook, the code insists that users are provided with "'bite-sized' explanations about how you use personal data at the point that use is activated" and those explanations be "concise, prominent and in clear language suited to the age of the child."
So suited to the mental age of most Facebook users?
Is that a direct reference to Zuckerberg? It could be a good point.
Jokes aside, while imperfect, it has been always used as a measure of maturity - as it is impossible to measure each girl and boy.
Zuck should be thankful for that - he would still be playing with Fisher-Price toys, otherwise - until he learns he can't steal them from other babies.
How about changing data laws to make the data collector responsible for any misuse of said data, either by themselves or any party they pass it on to?
Irrespective of whether the misuser obtains the data legally/consensually or not.
That should focus a lot of minds on data security.
AIUI, under GDPR they sort-of are responsible.
If you collect data, you are required to say what you are collecting and what you'll do with it. If it gets used for something else then you are on the hook - and that would include if you give it to someone else who misuses it. The latter bit comes from you being required to have suitable measures in place to prevent misuse - including contractual terms with any third parties.
If the third party misuses it, then you've failed - either your contract wasn't well enough specified, or you didn't have good enough oversight processes to ensure compliance.
Anyone involved with financial reporting for a company with US parents/owners will be familiar with this concept. Under the US Sarbanes-Oxley Act, the head honcho has to sign the accounts as being true and accurate - and if it turns out that they aren't then they can personally be thrown in the clink (that's a powerful motivator!). It was the result of things like Enron and Worldcom and their blatant false accounting. But the end result is that you, as a small UK company, have to put in all the controls and measures so that when the finance numbers are passed up to the US parent, the US finance bods can be sure (as in, stand up in court and say so) that they are correct when they incorporate them into their own financial statement.
So, if all of faecesbook's users change their profiles to state they are under 18 then that should stuff them up quite well.
Of course, many of these recommendations should apply to everyone; not just kiddies.
And, as has been pointed out many times before, what about people WITHOUT faecesbook accounts? The "like" buttons are still there, so presumably, it must be assumed that ALL users that are presented with one are under 18.
Why just FaceAche? What about the simple things in life like "Google search", the "BBC App", "CBBC", "Amazon", "Argos", "ITV" and, for those of a certain inclination, "Quest - How It's Made ..."? All of these encourage frequent use and invest in advertising heavily to achieve that goal. Hell, even the AA travel advice and Google maps does that. I'm not quite sure what the difference is between FB as "social media" and the Amazon homepage in the context of encouraging frequent use.
It does seem that the only successful way of generally implementing the proposed rules would involve, as mentioned earlier, a State ID Card so beloved of Mrs May (lest we forget she has prior* as Wicked Witch of the West).
* Or that could be an SG1 reference, and she does expect everyone to toe her line so it is appropriately nasty!