Loss of anonymity, exploitation of user data for profit or extortion, general personal information and database leaks, and an increased possibility of identity theft are not mere inconveniences. These can be a matter of life and death, money, and freedom.
Those pushing for such measures and laws, may foolishly not fully understand the consequences and dangerous of implementing them, or worse they do understand and hope to exploitatively take advantage of them. They can hope to use the pretext of protecting minors, and supplanting parental responsibility, in order to implement a nanny or police state on the way towards fascism.
> Mandatory age verification, and with it, mandatory identity verification, is the wrong approach to protecting young people online.
Is there any approach that the EFF would not say is the wrong approach?
> Once information is shared to verify age, there’s no way for a website visitor to be certain that the data they’re handing over is not going to be retained and used by the website, or further shared or even sold. While some age verification mandates have limits on retention and disclosure of this data, significant risk remains. Users are forced to trust that the website they visit, or its third-party verification service, both of which could be fly-by-night companies with no published privacy standards, are following these rules.
So make it mandatory that they use a system that doesn't allow that. You've logically got three parties involved: (1) you, (2) an entity that needs to know your age, and (3) an entity that is able to attest to your age. (Replace "know your age" with "know you are above a specified age" if that is all that is legally required).
In the quoted paragraph above it seems that EFF is envisioning either #2 and #3 being the same (such as the website you want to use) or that they are separate but #2 picks #3. So you either hand ID documents over to the website or to an entity the website picked and neither of those are necessarily entities you trust.
There are ways though it could be designed so you aren't handing any ID information over to an entity you do not trust, as long as we don't forget about the last 50 years of developments in cryptography.
Here's one. Entity #2 asks you to verify your age and hands you some blob of data that is only meaningful to them. You pick a #3 entity of your choice, go through whatever their "proof of age" procedure is, and if it passes you can have them do a blind signature on the blob. You then give the signed blob back to #2. They see it was signed by #3, and accept that you are old enough.
All #2 learns is that you used #3 for age verification. #3 doesn't learn anything about #2. #3 does know who you are and gets to see your ID documents, but #3 can be handled by an entity that already knows who you are and has seen your ID documents. Good candidates for #3 service would be state or national governments, post offices, and major banks.
Note that this even works for anonymous logins.
The above was just a quick outline of one approach, with no doubt many details missing that would need to be dealt with to make it practical and secure. There are doubtless other approaches that would accomplish the same goal.
I'd like to see more advocacy groups working to make sure that if we do get mandatory age verification we get a system that does take advantage of modern cryptography to make it so that verifying your age to a site can work anonymously and does not give the site any information other than your age and does not give the verification service anything they didn't already have about you.
Too many limit their advocacy to just saying that whatever is currently proposed is the wrong approach, without ever offering how to improve those approaches or suggesting different approaches. That can easily mean that if they fail to get it stopped completely, we end up with one of the worst ways it could be done instead of one of the best ways.
What about a society where everything you see, read, and write, is logged in some central database, to be used, or not, for purposes unknown to you? The Stasi spies were such a great idea that we want to keep them, but much, much more powerful?
I'd say there's some aspect of normal social interaction where what you say holds. But what about whistle blowing or criticizing the government. And what about privacy in what you read? What you're talking about it why places like facebook have a real name policy. That's for the production, not consumption of content.
> No one should have to hand over their driver’s license just to access free websites.
This feels weird in a society where you can require government id to buy alcohol, get on a plane, fly a plane, leave the country, access the legal institution of marriage, get professional licensure, own property, hunt on federal land, buy a gun, use ham radio -- the last one is literally restricting digital communications.
I'm not happy about this but we've kinda jumped the shark with this one, even more so with states gunning for voter id laws. If producing your government id to vote, literally the most fundamental political speech, is constitutional then websites have no chance.
Also good lord this is unbelievably sneaky wording.
> COPA, the Child Online Protection Act, which included an age verification requirement. It was struck down as unconstitutional nearly twenty years ago for limiting the First Amendment rights of adults.
COPA wasn't struck down because the age verification violated 1A. Law to add new tax on chocolate and forbid women from voting was struck down by the supreme court as unconstitutional, US right to chocolate affirmed.
I get the sense that you think I disagree you. I don’t like this law AND I don’t think there’s a strong case for striking it down as unconstitutional under 1A because voting is way more protected than visiting a website.
The best case for striking this down would have been the right to privacy but the current supreme court gutted that.
> This feels weird in a society where you can require government id to buy alcohol
Other examples notwithstanding, showing id to buy alcohol doesn't really affect your anonymity because it's a 2-second face-to-face interaction. You can be reasonably sure there's no chance of all the id's containing information to stay in their systems indefinitely. Even immediately after putting the id back in your pocket, even the cashier themselves probably doesn't have any idea who you are, just that they've verified you're over the legal age for drinking.
For most of your other examples, you're showing your id to institutions of your government. That's different than showing your id to private entities. With regards to showing your id when flying on a commercial airline, there's very few airlines when compared to number of websites, they're highly regulated, etc. Institutions of government, highly regulated private entities of huge proportions with huge liabilities, they all get different levels of trust when compared to random websites from who-knows-what jurisdictions.
In Colorado some liquor stores scan the barcode on your ID, so showing ID to buy liquor isn't a 2 second perfunctory check, but instead another time and place piece of info to add to the dossier about you
I don't think I'd let a random shop scan my ID, especially for something as unimportant as alcohol. A barcode doesn't sound like it stores much, but the potential for ID theft is something I would think anyone is cautious to avoid.
Those pushing for such measures and laws, may foolishly not fully understand the consequences and dangerous of implementing them, or worse they do understand and hope to exploitatively take advantage of them. They can hope to use the pretext of protecting minors, and supplanting parental responsibility, in order to implement a nanny or police state on the way towards fascism.
"The road to hell is paved with good intentions."