Written evidence submitted by SafeCast Ltd
Early last month (August 2021) Ernst and Young (EY) produced a report for the DCMS on “Understanding how platforms with video-sharing capabilities protect users from harmful content online” The report, while useful, makes no mention of the potential of Age Gating in solving the harms suffered by children on the internet. In the light of this omission SafeCast wishes to raise the matter with the DCMS Sub-Committee on Online Harms in the hope that this matter is taken forward by the DCMS Sub-Committee. SafeCast would be happy to give further evidence on this matter should it be required.
In September 2020 in its evidence to Ofcom under Ofcom’s VSP consultation, SafeCast raised the potential of Age Gating in protecting children. Following these discussions SafeCast in 2021 also raised these same matters with the Broadcasting Authority of Ireland (BAI), the equivalent organisation to Ofcom in the Republic of Ireland. Owing to the historic links between the UK and Ireland (and our shared educational enrollment standards) SafeCast’s recommendations can be applied in both the Republic of Ireland as well as in the United Kingdom with economies of scale and effectiveness.
In respect of Age Verification Systems and Age Gating this is what SafeCast said in its evidence to Ofcom in the VSP Consultation:
Age Verification Systems
The COVID-19 lockdown has highlighted the urgent need for some form of Age Gating on systems which are used by children. However, SafeCast’s view is that age verification systems based upon individual attributes of a user are not an appropriate and proportionate response to the harms they seek to eliminate. This is for the following reasons:
● Age verification systems are not a structural part of the internet. Thus restricting access to specific age groups is not the default in its current implementation.
● Age verification enrolment systems, which are based upon the exact age of an internet user, automatically give rise to privacy risks which can lead to stalking, grooming and bullying. Safe use of these systems requires additional controls and measures which may not always be available. Thus the trade-off between the design of the internet being open to all militates against the use of exact age systems in its current implementation. For example, if Facebook or YouTube were to establish an age verification enrolment system based upon the exact age of a Facebook or YouTube user, this could be used for the commercial benefit of Facebook or YouTube respectively and their “walled gardens” of commercial services.
● Unlike some EU countries, the UK does not have a centralised digitally accessible register of births and deaths, In consequence, any age verification enrolment system for UK children based upon their exact age will be a proprietary age verification system.
● Proprietary systems can become non-tariff barriers to new competitors wishing to enter the market.
Rather than requiring age verification systems based upon the actual age of a child to be used to support Age Gating of content on VSP systems, Ofcom’s long experience in maintaining the Television Watershed restrictions on regulated television services based on children’s age range and time that programmes are shown, suggests a better way of addressing the need for Age Gating of content without giving rise to new privacy risks.
Following a revision of the Ofcom Broadcasting Code to bring it into line with modern practices, Age Gating could be implemented on mobile devices and tablets using the school-age of a child.
Such a measure could be deployed by teachers and parents enrolling a child through the use of an anonymised token embedded in the phone or mobile device. A school age token could be generated and loaded as middleware on the child’s mobile device following the completion of a secure webform by the child’s parent or guardian or teacher. The school age token would be cryptographically signed with the date and time of its installation on the child’s mobile device and this information would be logged. Primary schools, nurseries and public libraries would be able to enrol children of identified parents as well as parents and guardians directly from their homes through use of the Government’s forthcoming Document Checking Service, which is to give people easier and safer access to digital services that require identity checks.
This change should be reflected in a revision to the Advertising Guidance given by CAP in relation to non-broadcast marketing communications. This would allow school age metrics and restrictions to be substituted for the highly subjective “120 Index” system, which is not suitable for use in multichannel non-linear broadcasting environments. Marketeers bear principal responsibility for the marketing communications they produce and must be able to prove the truth of their claims to the ASA; they have a duty to make their claims fair and honest and to avoid causing serious or widespread offence. Agencies have an obligation to create marketing communications that are accurate, ethical and neither mislead nor cause serious or widespread offence. Publishers and media owners recognise that they should disseminate only those marketing communications that comply with the Code. That responsibility extends to any other agent involved in producing, placing or publishing marketing communications. They accept the rulings of the ASA Council as binding. School age metrics and restrictions should be deployed within a revision of Advertising Guidance.
Following the filing of SafeCast’s evidence with Ofcom it would appear that Age Gating as an effective means of protecting children, is supported by GCHQ following a trial in 2020. This was mentioned in the “Online Harms White Paper: Full government response to the consultation” in December 2020 where in a footnote regarding VoCO Phase 2 - Verification of Children Online it said:
The Department for Digital, Culture, Media and Sport, the Home Office and Government Communications Headquarters have collaborated on a recent child safety research project - the Verification of Children Online - that responds to the challenge of platforms knowing which of their users are children. The project engaged with parents and children, industry, regulators and online safety professionals to consider the technical, commercial, legal and behavioural factors that would enable companies to recognise and better protect their child users. A key success of the project was a technical trial run during phase two. The trial successfully demonstrated that age assurance solutions could be run at scale in a way that was simple for users and protects the privacy of their personal data.
In the light of this we ask the DCMS Sub-Committee to take this matter into consideration and possibly request further information from both Ofcom and GCHQ.