The government plans to introduce legislation to enforce a minimum age for access to social media, according to Prime Minister Anthony Albanese. It’s all a little vague at this point — no age limit has been flagged and won’t be until a trial of “age-verification technology” has been completed.
The government getting access to yet more personal information? What could go wrong? Oh, that’s right, the following could go wrong:
Data breaches a-plenty
Government data breaches, hacks and just plain screw-ups with personal data have peppered the past decade in Australia. Off the top of our heads:
- In 2014 information on the personal details of nearly 10,000 asylum seekers and other people in immigration detention was accidentally embedded in data available on the website of what was then the Department of Immigration.
- In 2016 there was the farrago of the census, with a Senate inquiry dragging the Australian Bureau of Statistics for its disregard for privacy and lack of transparency.
- In 2017 the Department of Social Services notified current and former employees that the department’s credit card management system had been compromised, exposing more than a decade’s worth of personal information. This included credit card details, employee names, work emails, system passwords, Australian government service numbers and more.
- In 2017 Medicare was subject to a major breach, which the then responsible minister Alan Tudge claimed was the result of “traditional criminal activity” rather than a “cyber attack”.
- In 2022 NDIS participants saw a “large volume” of their sensitive data hacked and posted on the deep web.
The companies that deal in age verification have also shown themselves to be vulnerable to attack. 404 Media revealed earlier this year that the company AU10TIX — which verifies user identities for TikTok, Uber and X (including, at times, by processing photographs of users and their driver’s licenses) — exposed a set of administrative credentials online for more than a year, which could have allowed hackers access to that data.
Politicking
Of course, the above examples are just old-fashioned mistakes. As Guardian Australia journalist Josh Taylor pointed out regarding the census in 2016, it doesn’t take into account what a future government might do with greater access to our personal data.
The story of blogger and welfare recipient Andie Fox leaps to mind. In 2017 she published a comment piece with The Canberra Times detailing her experiences of robodebt. The office of then human services minister Tudge promptly gave Fox’s personal information to Canberra Times journalist Paul Malone, which formed the basis of an article refuting Fox’s piece. The Australian Federal Police declined to investigate the leak.
Trickery
If we accept that age-based social media bans are desirable, as Crikey‘s Cam Wilson demonstrated, facial recognition software is vulnerable to being tricked. Wilson was able to convince Yoti’s online demo of its age-estimation technology that a stock image of a 10-year-old was old enough to purchase a knife using an aging filter.
