My mother celebrated her 87th birthday earlier this month. She’s wonderful, in fine fettle and will happily admit that she is in no way a techie. But, along with my late father, she has been crucial to almost every interview I do.
When dealing with tech companies and their many perplexing ideas, it’s important to simplify. That’s why my first question in almost all interviews I conduct is to ask the subject to explain what they do in a way that she will understand. Many a confident face has turned pale when faced with the Ma test.
Today, the onus is on me to do so because of a digital innovation that both threatens the basic liberty of every resident of the European Union and exposes them to enormous data-security risk.
As is the norm with such matters these days, it all results from an idea that was meant to protect people.
READ MORE
Earlier this month, Ellen Coyne reported in this paper that the Government plans to introduce a digital wallet so that an adult can prove they are an adult before accessing pornography websites.
[ Ireland could require digital ID to access porn websitesOpens in new window ]
The goal is obviously well-intended. It’s also a dreadful idea. Such a tool would mean the passport, driving licence and MyGovID details of thousands, likely hundreds of thousands, of people would become part of a regularly accessed database.
It’s a treasure trove of data that would have every self-respecting cybercriminal salivating. The process will involve the digital wallet, the user’s phone, whatever website they are trying to access and, potentially, an external verification provider.
To keep things simple, that’s three or four separate places through which this personal information has to travel. Every additional segment creates another possible weakness.
[ Age verification won’t stop children accessing porn onlineOpens in new window ]
The State would also be conditioning people, again with good intentions, to expect requests involving their digital identity. Scammers will rush to make convincing-looking, but fake, messages and pop-ups to con users into handing over their data.
The mechanics of this State-proposed process are similar to how most scams online have been run for decades. The difference is that the scale is much bigger, with far more people at risk of falling into the trap.
Let’s take a puritanical position for a moment. If it’s only porn sites that such a system is being used for, it can’t be that bad, can it?
About that. Adult websites are, if anything, a particularly dangerous place to require such an onerous test as users who are hit by scammers are far more likely to be fearful of public exposure, and so will be more vulnerable.
If these were the only the people using the device that was hit by scammers, it would be one thing but most households share devices and it doesn’t matter how the scammer gets in, even those not visiting naughty sites will be vulnerable.
There is decades of evidence to show that every security workaround created to serve a good purpose can be exploited by malicious actors.
Taking the puritan hat off, it is also worth remembering that this is about accessing lawful material.
[ AI strengthens phishing fraudsters by making ‘dodgy’ invoice emails word-perfectOpens in new window ]
When you show your ID in an off-licence, it’s very obvious if someone who isn’t supposed to see it takes a look. They literally have to crook their neck to have a goo. That simply won’t be the case online. It physically cannot be. The process the Government is proposing creates infrastructure that puts the very privacy of adults at risk.
There is, of course, still the goal – preventing children from accessing pornography. Maybe you’re willing to take all these risks if this digital wallet achieves that. But it won’t.
If you’ve got any decent security software on your computer, you’ve almost certainly got a virtual private network (VPN) as part of the package. If you don’t have decent security software, for heaven’s sake get some. If you don’t know about the VPN, your kids already do.
A VPN – and Ma definitely doesn’t know what that is – is a way to change the location where your computer appears to be without actually moving. So a user in Ireland could access the internet as though they were in Iceland, Indonesia or Iran if they wanted to.
The UK’s age-verification rules – something of an inspiration for the Irish plan – merit attention here. Since the new rules came in across the water, pornography platform Pornhub has reported that its traffic originating in the UK has dropped by 77 per cent.
The problem is that, taking this number at face value, Pornhub has no way of knowing how many people are using VPNs to get around the new rules. Given that using a VPN only requires pressing two buttons – one to pick a country and another to turn the VPN on – that’s a really important qualifier.
The initiative being proposed by the Government isn’t new, by the way. Germany and France have moved to take similar measures, and the EU at large has tried to remove absolute anonymity online with its Jutland declaration and its ProtectEU plan. Both of these have the intention of protecting EU citizens; both stand to make us all a lot less safe.
Now Ma may not have understood all of this but she’s definitely managed to get the gist. I hope you and our leaders do as well.
Wanting to protect children is great. Doing so by creating an inevitable security nightmare for everyone in Ireland, and ultimately the EU, the way things are going, is a stupid way of doing it.
