Age verification plans could pose data security risks, experts warn

8 February 2022, 13:44

Online Safety Bill
Online Safety Bill. Picture: PA

The Government has announced plans to require porn sites to verify the age of users in an expansion of the draft Online Safety Bill.

The Government’s plan to require websites that publish pornography to verify the age of their users could pose a data security risk, cybersecurity experts have warned.

As part of a strengthening of the proposed Online Safety Bill, digital minister Chris Philp has said affected sites will need to put “robust checks” in place to ensure users are 18 or over.

The Government has said that the measures should not process or store data that is irrelevant to the purpose of checking someone’s age.

But cyber experts have warned that any extra steps which rely on the transfer of data could be appealing to cybercriminals.

“This announcement is very welcome; countless studies have shown the detrimental effect online pornography can have on the way young people understand healthy relationships, sex and consent. So limiting access to extreme content should be applauded,” Jamie Akhtar, chief executive of cybersecurity firm CyberSmart, said.

“However, despite the commitment to user privacy outlined in the Government’s announcement, the process may pose security risks for adults.

Internet Browsing Stock
A laptop user browsing online (PA)

“Data is the lifeblood of cybercrime and adding an extra step that requires the transfer of personal data – for verification – could well make adult sites a key target for criminals.

“Of course, this risk is far outweighed by the potential benefits, but it’s worth sounding a cautionary note and urging adults who use these sites to be as diligent as possible.”

The Government has said the possible measures put in place could include using secure age verification technology to confirm a user possesses a credit card and is therefore 18 or over, or by using a third-party service to confirm someone’s age against government data.

Mr Philp said it was “too easy for children to access pornography online” and that “parents deserve peace of mind that their children are protected online from seeing things no child should see”.

He added that the age verification measures would make the internet safer for children.

And while the Government has said that Ofcom may recommend the use of certain age verification technology that it deems secure, experts have said it could still be “a double-edged sword” because it involved the transfer of personal data.

“Yes, age verification services do exist today – and are in fact quite common in some online business sectors. However, we must remember that the most effective age verification methods require users to share their personal information, whether it is their photo, ID, phone number, credit card or anything else,” Yaniv Balmas, vice president of research at Salt Security, said.

“This is somewhat a double-edged sword; while it will certainly help reduce the exposure of these websites to the underaged, it also creates a privacy concern in which porn sites will now have the theoretical ability to identify their previously anonymised users, and protecting this data will now be shifted to their responsibility.

“In fact, the privacy threat could be even greater if the Government tries to assist the process by allowing companies access to citizens’ information by issuing a new government-backed API solution – which might actually put the entire database at risk from malicious actors looking to abuse it.”

By Press Association

More Technology News

See more More Technology News

Glastonbury Festival 2022

Glastonbury 2022 broke data records, EE says

A child using a laptop computer

Pupils ‘AirDrop nudes in maths and use Google Drive to store images’, MPs told

Over 20 million US dollars were raised by the public for drones to fight the Russian invasion

Tech company to gift Bayraktar drones to Ukraine after millions raised by public

A mixed reality holographic patient

UK medical students training on hologram patients in world-first

Laptop

Warning new internet laws will hand ministers ‘unprecedented’ powers

A battery changing station of Nio brand electrical car (Alamy)

Two dead after Nio electric car they were testing ‘falls from building’

Alexa to expand

Amazon’s Alexa could mimic the voices of dead relatives

Ai-Da at work

Robot painting Glastonbury’s famous faces says festival atmosphere is ‘electric’

Instagram's new age verification tools, which have started being testing in the US

Instagram begins testing new age verification tools

A security surveillance camera is seen near the Microsoft office building in Beijing

Microsoft: Russian cyber spying targets 42 Ukraine allies

Social media apps on a smartphone

Meta removes ‘large numbers’ of upskirting images found on Facebook

Rio Ferdinand poses for photographs with children at 10 Downing Street to celebrate the launch of the Diana Award’s annual anti-bullying campaign Don’t Face It Alone (Stefan Rousseau/PA)

Rio Ferdinand calls for new ‘inspiring’ online platform to combat child bullying

A screenshot of the Microsoft Outlook email service

Microsoft’s Outlook email service hit by outage

Elon Musk

Elon Musk’s proposed £35.8bn Twitter deal gets board endorsement

Apple unveils new products

Guide Dogs launches scheme to provide free iPads to children with sight loss

A woman using a laptop

Cloudflare outage knocks hundreds of websites offline