ID Cards making the net a more dangerous place for kids

 by Martin Belam, 4 August 2006
Easy to forge, lures child (and parents) into false sense of security. Stupid rip-off.
Crystaltips sums it up pretty well on her del.icio.us link to a story from BBC News yesterday about a new online safety ID card being promoted for children.
The ID scheme was set up by UK businessman Alex Hewitt after he discovered that his daughter could only verify the age and identity of a third of her 150 online friends.

He said: "People want to feel safe online and know the people they are talking to are who they say they are."

The company said it would also use software techniques "similar to those used by the passport agency" to authenticate applications for the ID card.

And therein lies the problem - it makes me laugh that on the one hand we are increasingly assailed by news of identity theft and growing electronic fraud, and on the other are meant to find attractive the idea that using these kind of documents to authenticate people's identity online is going to make things safer. The internet was designed to quickly swap packets of binary information - it wasn't designed to take fingerprints and verify people's ages.

The NetIDMe scheme has got more holes in it than John Lennon's Lancashire. For example, whilst your application is being processed you can still use the system to chat to kids online, so you can get access to people who have been verified as being children, without having your own age verified. Kids will be warned via a traffic light system that you are not verified, but how many children are actually going to pay attention to whether the traffic light is green, yellow or red? And the NetIDMe card looks lovely and huge in the publicity shots, but how much actual real screen estate is it going to take up in practice for kids to be able to spot the traffic light status?

Red Members- Identity Unknown
(member details have not yet been collected)
Amber Members- Identity Unverified
(member details are currently being processed)
Green Members - Identity Verified
(member details have been fully verified)
NetIDMe status indicator

The NetIDMe terms and conditions even go as far as to say that you can still use the service if they are unable to verify your details:

In the event that the User's identity cannot be verified NetIDme will notify you by e-mail or letter. The User will still be able to use the Service however the User's status will state that the User is unidentified.

And despite launching on a platform all about trust and safety, they themselves will take no legal responsibility for the effectiveness of the service they are trying to earn money from.

IMPORTANT - NETIDME DO NOT WARRANT OR GUARANTEE THE CORRECTNESS, COMPLETENESS OR ACCURACY OF ANY OF THE INFORMATION, PRODUCTS OR SERVICES ON THIS WEBSITE NOR THE IDENTITIES OF SUBSCRIBERS TO THE SERVICE. NETIDME WILL NOT BE RESPONSIBLE FOR ANY USE MADE OF A NET-ID OR THE SERVICE AS A RESULT OF FRAUDULENT, INCORRECT OR OUT OF DATE DETAILS WHICH HAVE BEEN USED TO CREATE A NET-ID OR TO SUBSCRIBE TO THE SERVICE.

Of course, keeping the system safe also requires that nobody using it ever accidentally leaves themselves logged in to an IM client on a public computer, or that any of the computers being used ever fall victim to keylogging software. And NetIDMe are also assuming that nobody who wants to use the internet to abuse children has a younger sibling or their own child on whose behalf they can apply for the ID.

That isn't a surprise though, as the British tabloid press have so fixated on the image of the lone paedophile prowling the web for victims that they've forgotten that according to the NSPCC in 2000, three-quarters of sexual abuse in the UK is done by people known to the children involved, including abuse by parents, relatives and other carers.

On a slightly lighter note, I am also not sure how much you can trust the data security infrastructure of a company that can't even lay a paragraph of HTML text out properly on the web.

Poor HTML text layout from NetIDMe

When I was at the BBC I worked for a while in a group within the community team, and they spent a lot of time and effort on researching the best ways to keep kids safe online. Chatguide is the main visible manifestation of it, but there were also several back-end initiatives around the protection of sensitive data given to the BBC by children, and the idea of the BBC assisting in some kind of age verification scheme was often discussed - then dismissed as being unworkable.

The thing that most frustrates me about yesterday's ID card launch is that the media are lapping it up, but if it was that simple to verify someone's age online, doesn't NetIDMe founder Alex Hewitt think somebody else would have come up with the idea and made it work in the previous ten years of mainstream internet use?

There are some dissenting voices on the net - notably from Irdial.com who moaned that by carrying the report the BBC was the "parasite riding on the back of a propagated fear, striking at the hearts of all parents and aiming to instill the placid obeying sheep goodhearted honest citizen mentality in to their children". They must have missed the similar breaking news puff piece over on Sky then, and I'm sure the printed press in the UK will be all over the story today.

I was already thinking of writing something about online child safety yesterday after reading an article in the Daily Mail by Paul Bracchi billed as "In harrowing detail, how a 14-year-old girl was duped by a paedophile". Of course, one person's "harrowing detail" is another person's manual on how to groom. I well remember that the first time I ever managed to find any hardcore pornography on the internet was as a youngster with access to a CompuServe account who had just read a detailed article in my parent's Daily Mail about how shockingly easy it was for children to find obscene material. I couldn't help but think that the article today made it easier for someone who had wanted to abuse children online, but didn't know how to go about it, to get started.

Interestingly though, it is one of those Daily Mail articles where the print and online editions differ. A similar article appears online written by Laura Roberts, but it is nowhere near as long or as graphic. I'm not at all suggesting that the print media shouldn't cover this kind of crime, but I found it quite odd to be reading exactly the tricks-of-the-trade the paedophile had used to mentally bully his young victims into complying with his wishes.

The Sky News report on the new ID card quoted figures from an LSE survey stating that:

  • 57 per cent of 'youngsters' have come into contact with pornography online
  • 46 per cent claim to have given out personal information

I don't think the biggest problem exposed by that survey was how high those figures are, it is how low parental expectation was - just 16% of parents thought their kids would have been exposed to pr0n online, and only 5% thought their kids would give out personal information. That is a worrying level of ignorance shown by parents about what their kids do online.

That level of ignorance can surely only be made worse if parents are led to believe that by paying £9.99 to a company for an ID card, their children will be protected, and that they can worry about it even less. And if parents are lulled into a false sense of security and so monitor their kid's activities and educate their children about online behaviour even less than they do now, that can only make the internet a less safe place for children.

Keep up to date on my new blog