Protecting young minds at the cost of privacy
The so-called Online Safety Act (OSA) went into effect on July 25; it makes websites and apps responsible for preventing children from accessing “age-inappropriate content.” But rather than target the young people it ostensibly wants to protect, the law is affecting all users — spawning a vast and unregulated industry in various kinds of age verification services.
Now, you might think that having nurtured introduction of such services, the UK could also have legislated to ensure that those services are themselves secure. Unfortunately, a government big on rhetoric and low on substance did not choose to do so, which means websites and services are free to work with age verification partners, no matter how secure those services might be.
But who protects you?
To make matters worse, these services are requesting highly confidential data, which means images of passports, people, dates of birth and other identifying information is being shared with companies that are under no legal obligation to keep that information secure. We know this is dangerous, as there have been multiple instances in which companies have failed to protect such information. For example, just last year, US ID verification service called AU10TIX exposed names, dates of birth, nationality, identification numbers, the type of documents uploaded (such as a drivers’ license) and images of those document.
This story originally appeared on Computerworld
