IPcentral Weblog
  The DACA Blog

Tuesday, April 10, 2007

Jeff Schmidt on Age Verification and Online Child Safety
(previous | next)

I've been spending a lot of time lately thinking and writing about the contentious issues surrounding social networking sites, age verification mandates and online child safety in general. I recently released a major PFF working paper on these issues ("Social Networking and Age Verification: Many Hard Questions, No Easy Solutions").

One of the people who has had a great deal of influence on my thinking about these matters is information security expert Jeff Schmidt, the CEO of Authis, a Reston-based authentication / identification firm. Jeff has 15 years of experience in this field and has worked for Microsoft, Ohio State University, and several other small technology companies. He is also a founder and the elected Director of the InfraGard National Members Alliance, which is the private sector component of the FBI’s InfraGard Program. (InfraGard is an FBI/private sector alliance dedicated to improving information sharing between private industry and the government on matters of national security). Jeff helped the FBI create the InfraGard Program in 1998.

So Jeff knows his stuff, and that's what makes what he has to say about these issues--especially age verification--particularly important. Luckily, some of the essays he has penned on this subject and shared with me in the past are now online for all to see here. I thought I'd provide some highlights of the key conclusions from his papers, which are listed below:

Here are his three key papers...
* "Online Child Safety: A Security Professional's Take"
* "Why Internet Age Verification Makes Kids Less Safe"
* "Evaluating Age Verification Systems"

...and here's some of what he has to say about age verification in particular:

The concept of age verification is nebulous at best, and any discussion of age verification also necessitates discussion of identification and authentication. ...

We are at a roadblock because Internet-scale multi-factor authentication of children is simply unworkable from practical, operational, technological, and cost perspectives. Left with relatively weak password authentication, we must ask: how long will it take for a black market of "age verified" credentials to surface? How long until children begin to share or lose their "age verified" credentials? How long until child predators become skilled in guessing and phishing for children’s passwords? How long before enterprising children begin to sell their "age verified" credentials? In the frightening case where a child predator is also a parent of a young child, we must assume that the predators will use their children's "age verified" credential. If failure rates are similar to adult username/password failure rates, we will not have solved the problem and added a tremendous expense and burden managing literally hundreds of millions of children's usernames and passwords. ...

As no security solution is 100 percent effective, we must assume that anything we deploy will fail some percentage of the time. Two direct corollaries to Courtney's Second Law state this clearly: "Perfect security has infinite cost" and "There is no such thing as zero risk." ...

We are faced with the dangerous reality that the instant we create an "age verification" system we will have child predators admitted to our "safe areas" falsely age verified as youths. We also know that age verification by its definition would effectively create a target list for the predators while wandering these "safe areas."

We must conclude that any attempt at Internet-scale "age verification" will fail often, fail spectacularly, and fail in ways that actually make children less safe.

posted by Adam Thierer @ 3:11 PM | Free Speech , Privacy

Share |

Link to this Entry | Printer-Friendly

Post a Comment:

Blog Main
RSS Feed  
Recent Posts
  EFF-PFF Amicus Brief in Schwarzenegger v. EMA Supreme Court Videogame Violence Case
New OECD Study Finds That Improved IPR Protections Benefit Developing Countries
Hubris, Cowardice, File-sharing, and TechDirt
iPhones, DRM, and Doom-Mongers
"Rogue Archivist" Carl Malamud On How to Fix Gov2.0
Coping with Information Overload: Thoughts on Hamlet's BlackBerry by William Powers
How Many Times Has Michael "Dr. Doom" Copps Forecast an Internet Apocalypse?
Google / Verizon Proposal May Be Important Compromise, But Regulatory Trajectory Concerns Many
Two Schools of Internet Pessimism
GAO: Wireless Prices Plummeting; Public Knowledge: We Must Regulate!
Archives by Month
  September 2010
August 2010
July 2010
June 2010
  - (see all)
Archives by Topic
  - A La Carte
- Add category
- Advertising & Marketing
- Antitrust & Competition Policy
- Appleplectics
- Books & Book Reviews
- Broadband
- Cable
- Campaign Finance Law
- Capitalism
- Capitol Hill
- China
- Commons
- Communications
- Copyright
- Cutting the Video Cord
- Cyber-Security
- Digital Americas
- Digital Europe
- Digital Europe 2006
- Digital TV
- E-commerce
- e-Government & Transparency
- Economics
- Education
- Electricity
- Energy
- Events
- Exaflood
- Free Speech
- Gambling
- General
- Generic Rant
- Global Innovation
- Googlephobia
- Googlephobia
- Human Capital
- Innovation
- Intermediary Deputization & Section 230
- Internet
- Internet Governance
- Internet TV
- Interoperability
- IP
- Local Franchising
- Mass Media
- Media Regulation
- Monetary Policy
- Municipal Ownership
- Net Neutrality
- Neutrality
- Non-PFF Podcasts
- Ongoing Series
- Online Safety & Parental Controls
- Open Source
- PFF Podcasts
- Philosophy / Cyber-Libertarianism
- Privacy
- Privacy Solutions
- Regulation
- Search
- Security
- Software
- Space
- Spectrum
- Sports
- State Policy
- Supreme Court
- Taxes
- The FCC
- The FTC
- The News Frontier
- Think Tanks
- Trade
- Trademark
- Universal Service
- Video Games & Virtual Worlds
- VoIP
- What We're Reading
- Wireless
- Wireline
Archives by Author
PFF Blogosphere Archives
We welcome comments by email - look for a link to the author's email address in the byline of each post. Please let us know if we may publish your remarks.

The Progress & Freedom Foundation