[WarOnPrivacy]

From top AU banning official:

     all [age verification methods] have privacy implications. There was big concern with providing government ID. But there are digital identity providers...

This is the point where Gov officials shift from talking about privacy concerns to pretending.

In this case, she's predictably offloading responsibility to a 3rd party provider. I will guess the official is minimally aware that leaks are nearly inevitable (partially due to lax laws) and all of that ID data will be leaked eventually. Probably by a 3rd party to the 3rd party.

Why deceive the reporter and readers on privacy? Because addressing privacy is hard. It takes time, effort, integrity and thoughtfulness.

Because every Gov is loaded with depts that exploit privacy failings to their own advantage.

Because elections are funded by lobbyists that use our data against us.

Add those up and there is so much pushback against respecting privacy - you could launch a spacecraft with it.

[segasaturn]

I agree with everything you're saying about how hard the privacy issue is, but would also like to add that the social media companies are incentivized to act like they have no idea how to implement a solution, because they want teens using their apps. The Facebook Files make it abundantly clear that social companies see teen users are their most valuable asset, since the rest of the culture tends to follow where teens go. When the social companies, who are collectively worth tens of trillions of dollars, say they don't know how to implement the law without convoluted, privacy-destroying, digital government IDs I just don't buy it.

[like_any_other]

The government passed the law, and funds lots of universities with CS and cryptography programs. If there was a privacy-preserving solution, they could have proposed it themselves. Just because someone is motivated to say something, doesn't mean they're wrong.

[x0x0]

There is a separate article https://www.npr.org/2024/11/28/g-s1-36142/australia-social-m... linked in the post. It says:

> amendments [...] bolster privacy protections. Platforms would not be allowed to compel users to provide government-issued identity documents including passports or driver's licenses, nor could they demand digital identification through a government system.

So I guess facial recognition it is. Or my personal guess, a government data feed on birth dates.

Any other solution is too stupid to discuss -- I would be stunned if it's possible to use facial recognition to differentiate a 15 y/o from a 16 y/o in anything approaching a reliable way.

[WarOnPrivacy]

> Platforms would not be allowed to compel users to provide government-issued identity documents including passports or driver's licenses, nor could they demand digital identification through a government system.

This leaves a lot of room for bad acting. The data collector need not compel. They can have 3 methods available but have 2 be a hot mess of unreliability.

FacRec has unreliability baked in - increasingly so, the further from white ones skin is.

[Dylan16807]

I guess it depends on what the ID data is? If it's just a couple pictures and maybe not even your name then there's not much impact in a leak.

[WarOnPrivacy]

> I guess it depends on what the ID data is?

At the minimimum it will be

    Everything on a Gov ID
    All info demanded during the original collection process + demands that get added v2, v3 ...
    All possible metadata
    Data from other sources, added downstream to make it more valuable to govs/corps

The ages of leak victims:

    16 and 17 yo
    Under 16 because many will try
    Everyone else

[Dylan16807]

That doesn't much line up with the process described in the article. Why would you try to derive their age from photo/video if you have access to their birth certificate, for example?

[WarOnPrivacy]

> That doesn't much line up with the process described in the article.

I think you're right this way: I quote part of the the official's comment, ending with ...

After that point in the comment, she pivots to FaceRec. Meanwhile I go off about problems with harvesting Gov ID data. I'd agree those two things don't align.

However, a larger point is she never actually says which tech methods will be in place in Dec 2025.

After half-dismissing Gov ID, she tosses FacRec out there in a way that suggests it'll glean age-from-face on login, without needing any other identifying info. She even qualifies a vendor as being 99% accurate - which is a worthless stat here because it has no context.

FacRec for ID is problem generator. It fails for white skin and fails more, the darker the skin is. Unlike AU's Ban official, I am not excited about tech that disproportionately misfires for AU's brown skinned population.

That's FR for ID, FR for age is magnitudes less capable. The odds it can distinguish between a teen of 15y363d and 16y0d is ~0.

Lastly she tosses beta hand-wavy tech out there as if it were an actual contender. In this interview, she should be reassuring us with known good+safe AgeVer methods. Instead, she takes a moment to tech-fantasize. Best case she's intentionally distracting us here. Worst case she's lost her own thread.

[notTooFarGone]

What I don't get is why not use the fucking ID card?

The government can build a service to verify ones identity and age and social media apps don't have to save IDs.

The whole privacy shit is just weaseling out of responsibility.

[XorNot]

There's no national ID card in Australia, and the law specifically (because there was a large outcry against it) disallows providers from only allowing the use of official ID to verify age.

Because the reality of course is, if you absolutely had to determine how old someone is...you'd ask for their ID. That's how pubs do it, and someone somewhere has had the galaxy-brain idea of going "well, sometimes bouncers just know so like, can't a computer do that?" without really thinking through the constraints of the problem (or that an absolute ton of underage people still get through).

EDIT: It's worth adding - ID cards don't work for this either. The most obvious thing to do is just photoshop the ID you send whoever. But that of course creates a real problem for the "protecting the kids" people. Modern AI would let you run a client-side web-app which would fake an ID for you, but legally the issue with fake ID is that it's considered "forging official documents" which is a crime on the part of the person doing it not the person being fooled by it.

Which in turn means that your "protect the kids" policy is actually a "prosecute the kids policy" if you setup a situation where a bunch of people are pretty likely to think (without knowing the ramifications) that they should just send a fake ID image.