Comment

Australia’s social media ban won’t protect kids – it’ll put them more at risk

It’s not up to politicians to act as digital gatekeepers – and the reality is, these new rules will push teenagers into more dangerous corners of the internet, warns cybersecurity expert Joseph Steinberg

Saturday 21 December 2024 07:50 EST
Comments
Australia approves social media ban on under-16s

It’s hard to know what to gift teenagers at Christmas. They are no longer interested in toys; nor are they old enough for the bog-standard bottle of wine that you buy for other tricky customers. And so, you go for the fail-safe option – something that will keep them entertained and firmly cement your place in their good books: a mobile phone.

Only now, there’s just one problem; social media platforms are under threat, and the laws around them are changing – and without social media, well, that new iPhone you purchased is all but obsolete in their eyes.

Beyond the ongoing debate over TikTok’s future in the US, Australia has recently made the decision to ban children under 16 from social media – a policy which the government will enforce via untested age verification (AV) technology.

The move has not only reignited debates about balancing online safety with privacy and freedoms, but whether freedoms should be curtailed in pursuit of a measure that does not work. There is little doubt that Australia’s politicians are well-intentioned, but the approach that they have taken is more likely to aggravate matters when it comes to protecting children online.

Ironically, Australia previously investigated strict AV for access to adult content websites – before abandoning the measure after realising it would do more harm than good. The UK must avoid repeating Australia’s misstep.

The AV technology to be used on social media platforms in Australia is also being mandated on websites in the UK under the Online Safety Act. This is a controversial piece of legislation that gives sweeping powers to platforms and regulators to control content.

However, efforts to protect children must not rely on thousands of websites globally to implement controls that are far from perfect to begin with. It is absurd to sacrifice privacy, fundamental rights, and safety on the altar of an unachievable dream.

As highlighted in an open letter from over 60 civil society organisations and privacy experts across Europe, implementing AV creates serious risks to fundamental rights and unintended consequences. Requiring all users to prove their age involves intrusive data collection and undermines privacy rights – mandating people to upload biometric scans, copies of government-issued IDs, or other sensitive materials online.

And don’t kid yourself about sites not storing such data long-term – if the government were ever to pursue enforcement, such sites will need data to prove they were not negligent.

Website-based AV also creates new security risks. By requiring websites to store vast amounts of personal data, they become lucrative targets for hackers. A breach could expose sensitive information about both adults and children – as every user will have to provide their personal data to prove their age – making everyone more vulnerable to online exploitation.

While privacy is compromised in the name of safety, that very safety may not even be achievable: age-verification technologies are notoriously easy to bypass, especially by tech-savvy users who know how to obtain and utilise fake IDs, VPNs, and/or shared credentials.

Tech-savvy users, locked out of mainstream platforms, could also find ways to access unregulated websites where risks are far greater. As child protection campaigners warn, AV could simply push young users into invisible corners of the internet, where protections are weaker or non-existent – and they may be exposed to materials far more harmful than the websites complying with UK regulations.

For the UK, the message is clear: beware. The intention to protect children from harmful content online is right, but concerns are growing about how these protections will be implemented and enforced – and at what cost.

Remember, we are not discussing differentiating between a 60-year-old and a 10-year-old; the UK’s law requires that sites be able to stop a 17-year-old from claiming to be 18. It also exposes the majority of citizens to data privacy and security risks who have to prove they are over 18.

The UK government should prioritise protections at the device level, where harm can be mitigated without intrusive data collection. By focusing on measures like robust parental controls, device-level filtering, and improved education about digital resilience, children can be better equipped to navigate online risks. Such solutions empower families without turning platforms or politicians into the role of digital gatekeepers.

Device-level protections also avoid the pitfalls of centralising sensitive user data. Instead of exposing everyone’s private information to the risk of breaches, these tools ensure that safeguards are applied locally and discreetly – and with nobody unnecessarily storing sensitive information. This approach maintains the balance between online safety and the fundamental rights of privacy and freedom of expression.

The UK has rightly set high expectations for child safety in the digital age, but implementation must be handled with precision and caution. Policymakers should heed the warnings from experts, civil society, and international examples like Australia. Treating AV as a panacea may satisfy political calls for action, but they fail to deliver meaningful safety while exposing children to greater risks.

The UK has an opportunity to set global standards that protect children online without compromising the foundational values of the internet. By focusing on systemic protections, rather than invasive and untested AV tools, it can avoid repeating Australia’s mistakes and ensure a safer, freer digital future for all. A world in which age assurance is done at the device level, and is activated immediately upon device provisioning, rather than adopted piecemeal on a site-by-site basis.

Joseph Steinberg is a US cybersecurity expert

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in