Australia has required social media platforms to come up with ways of excluding under-16s.
Chris Luxon has followed suit for New Zealand, backing a proposed Member's Bill that is now in the ballot.
I think the evidence on social media harms for kids is strong enough for parents to keep an eye on things, but not strong enough to justify bans.
But leaving that aside, suppose you wanted to implement one.
I think a trilemma applies for any system that puts the obligation on platforms. If you want to set penalties for kids found to be on social media, that trilemma wouldn't apply - but I doubt effective penalties would be credible.
Anyway. The trilemma. Or at least my asserted trilemma. Disprove me by providing a system that does not suffer from at least one of these problems:
- The system is easily circumvented by those under the legal age.
- The system is onerous for those over the legal age.
- The system means the effective end of social media pseudonymity/privacy.
Consider solutions grounded in zero-knowledge proofs.
A verifier confirms my credentials are consistent with my being aged 16+. I authorise it to reveal that to anyone providing it with a key that it generates for me. I give that key to my preferred platform. The platform isn't required to disclose that it's Twitter or Facebook or whoever. There's just an API that takes keys and confirms whether the person associated is over the age or not.
The platform doesn't know the identity associated with the key. The verifier doesn't know which platform has asked about my age. All good, right?
I'm 16. My 15 year old friend hands me their phone. I log into the verifier on their phone, presenting my credentials. It generates a key. My friend takes back the phone, logs into Twitter, asks it to authorise using that key, and it does.
Zero-knowledge proofs are great for a lot of purposes but they aren't going to help you much if the person seeking authentication is happy to have someone else take that authentication.
So we have the first tine of the fork. And a bit of the second tine - there is a burden imposed on every person using the platform, not just those under the age limit.
Govt says aha! We will require frequent verification challenges or you will not be considered as having taken all reasonable efforts to keep kids off the platform.
Well, now you're firmly into fork tine 2. It's a recurring hassle for users.
Maybe the platforms use AI tools to restrict the challenges to those who it thinks might be underaged. Tine 2 then applies to a narrower set of above-age-limit users. It'll be a big hassle for a few years after you pass the age limit.
Want to make it simpler? Here's an easy way. The platform gives you the option to just upload your driver's licence; it then occasionally takes a picture of your face to make sure that the user is the person who presented the credential. No having to log into other sites, none of that.
But now we're on tine 3. The end of internet pseudonymity. And the Chinese Government now has everyone's ID from TikTok.
The legislation as drafted winds up with a mix of all three. Platforms can use whatever method they like for verifying age. And they have a defence against $2 million dollar liability if they provide evidence that they relied on a presented ID that wasn't right.
So it's easy for kids to circumvent - get a friend's ID.
It's a hassle for adults, who all have to provide ID.
And it's the end of internet privacy/pseudonymity, because the system Chris Luxon's endorsed will find it simplest to collect and store everyone's passport or driver's licence.
And those can always be subpoenaed later, if anyone says anything wrong on the internet.
No comments:
Post a Comment