The federal government has announced a $6.5m pilot of age assurance technology to prevent children from accessing pornography and harmful content as part of its response to the family violence crisis in Australia.
But how will it work? And will it be effective?
Here’s what we know so far.
What is the government proposing?
The prime minister, Anthony Albanese, announced the pilot “will identify available age assurance products to protect children from online harm, and test their efficacy, including in relation to privacy and security”.
“The outcomes will inform the existing work of Australia’s eSafety Commissioner under the Online Safety Act – including through the development of industry codes or standards – to reduce children’s exposure to age-inappropriate material.”
What would be covered by it?
That has yet to be decided, but Albanese has said it will “protect children from harmful content, like pornography and other age-restricted online services”.
It is understood the trial may cover not only adult sites, but also other services where there are age restrictions, such as gaming.
How would it work?
The general idea is that when someone attempts to access a website hosting adult content, the site will employ a method to ensure that person is an adult.
The UK, which has recently implemented age assurance legislation, is the example most proponents suggest Australia should follow. It has outlined five ways companies can make sure people are the age they say they are:
Allowing banks to confirm a user is over 18
Allowing mobile providers to confirm a user is an adult
Credit card checks. People in the UK need to be over 18 to have a credit card and the website can check with the issuer that the card is valid
Asking users to upload a photo to the site that is then matched with photo ID
Use of facial age estimation technology
In the roadmap for age verification, released by the eSafety commissioner last year, the commissioner recommended what it called a “double-blind tokenised approach”.
That is a device-based token where a third party provider transfers information between sites and age assurance providers to protect user privacy. The token is proof of someone’s age that is held on a device, which can be presented as proof of age without handing over personal information.
Is it feasible?
That is what the pilot aims to determine.
Last year’s road map found the market is “immature but developing” and each technology has benefits and trade-offs. For example, ID-based tools are more certain but carry a higher level of risk.
Will companies comply?
This is the major question. At a time when X is thumbing its nose at the eSafety Commissioner over removal notices and challenging them in court, it remains to be seen whether smaller, overseas-based adult websites will cooperate.
The pilot may look for local sites to test to figure out what might work.
There is already some resistance to attempts at age verification in other parts of the world. The largest porn site, Pornhub, has blocked users based in Texas from accessing the site due to that state’s new age verification law.
But not all adult content is hosted on adult sites. The eSafety roadmap pointed out that more teens 16-18 last year reported seeing porn on Twitter/X (41%) than on actual porn sites (37%) – and that was before the rise of “NUDES IN BIO” reply bots on the site.
Ofcom in the UK had some success in getting two adult sites – SoSpoilt and Xpanded – to verify ages via credit cards, ID, mobile checks and age estimation – but it is still early days.
Won’t this be a massive privacy risk?
Depending on the solution used, it could be.
We could end up with porn websites keeping the ID documents of users on file.
That creates a huge honeypot of information and could see the institutions verifying people hold much more personal information on users than previously.
eSafety is cognisant of this concern, which is why it proposed a double-blind token option so that neither the organisation verifying you or the adult site track your personal information or website preferences.
Has it worked elsewhere?
As eSafety noted last year, the market is relatively immature. It’s still in early stages in other parts of the world.
The UK mandated age assurance for adult sites late last year.
Adult sites there are not mandated to use a specific form of age assurance technology, but they are required to meet legal obligations set out by the UK’s online safety act that whatever they use is highly effective, technically accurate, robust, reliable and fair.
A spokesperson for the communications department it had partnered with the UK to learn from its efforts, and was also looking at how similar systems were working in the US.
Will it use the digital ID?
No decisions have yet been made. The legislation enabling the government’s digital ID framework passed the Senate in March, but has yet to pass the House. The eSafety commissioner’s preferred option of a double-blind token system could also be compatible with the government digital ID, meaning that system could be used to verify someone’s age.
When will it happen?
There hasn’t been a time set on when the project will roll out.