Jim Diamond 4am - 7am
Age verification plans could pose data security risks, experts warn
8 February 2022, 13:44
The Government has announced plans to require porn sites to verify the age of users in an expansion of the draft Online Safety Bill.
The Government’s plan to require websites that publish pornography to verify the age of their users could pose a data security risk, cybersecurity experts have warned.
As part of a strengthening of the proposed Online Safety Bill, digital minister Chris Philp has said affected sites will need to put “robust checks” in place to ensure users are 18 or over.
The Government has said that the measures should not process or store data that is irrelevant to the purpose of checking someone’s age.
But cyber experts have warned that any extra steps which rely on the transfer of data could be appealing to cybercriminals.
“This announcement is very welcome; countless studies have shown the detrimental effect online pornography can have on the way young people understand healthy relationships, sex and consent. So limiting access to extreme content should be applauded,” Jamie Akhtar, chief executive of cybersecurity firm CyberSmart, said.
“However, despite the commitment to user privacy outlined in the Government’s announcement, the process may pose security risks for adults.
“Data is the lifeblood of cybercrime and adding an extra step that requires the transfer of personal data – for verification – could well make adult sites a key target for criminals.
“Of course, this risk is far outweighed by the potential benefits, but it’s worth sounding a cautionary note and urging adults who use these sites to be as diligent as possible.”
The Government has said the possible measures put in place could include using secure age verification technology to confirm a user possesses a credit card and is therefore 18 or over, or by using a third-party service to confirm someone’s age against government data.
Mr Philp said it was “too easy for children to access pornography online” and that “parents deserve peace of mind that their children are protected online from seeing things no child should see”.
He added that the age verification measures would make the internet safer for children.
And while the Government has said that Ofcom may recommend the use of certain age verification technology that it deems secure, experts have said it could still be “a double-edged sword” because it involved the transfer of personal data.
“Yes, age verification services do exist today – and are in fact quite common in some online business sectors. However, we must remember that the most effective age verification methods require users to share their personal information, whether it is their photo, ID, phone number, credit card or anything else,” Yaniv Balmas, vice president of research at Salt Security, said.
“This is somewhat a double-edged sword; while it will certainly help reduce the exposure of these websites to the underaged, it also creates a privacy concern in which porn sites will now have the theoretical ability to identify their previously anonymised users, and protecting this data will now be shifted to their responsibility.
“In fact, the privacy threat could be even greater if the Government tries to assist the process by allowing companies access to citizens’ information by issuing a new government-backed API solution – which might actually put the entire database at risk from malicious actors looking to abuse it.”