RealID notice, TSA pre-check line, Dulles Airport, Washington, DC, USA by Cory Doctorow CC BY-SA 2.0 https://flic.kr/p/Rswr4J

RealID notice, TSA pre-check line, Dulles Airport, Washington, DC, USA by Cory Doctorow CC BY-SA 2.0 https://flic.kr/p/Rswr4J

News

Bill S-210 is Just the Beginning: How a Canadian Digital Lobby Group is Promoting a Standard to “Foster Widespread Adoption of Age Verification Technologies in Canada”

This week’s Law Bytes podcast features a revealing discussion with Senator Julie Miville-Dechêne, the chief architect and lead defender of Bill S-210 or the Protecting Young Persons from Exposure to Pornography Act. It may be the most dangerous Internet bill you’ve never heard of since it contemplates measures that raise privacy concerns, website blocking, and extend far beyond pornography sites to include search and social media. The bill started in the Senate and is now in the House of Commons, where last year Conservative, NDP, and Bloc MPs voted alongside a small number of Liberal MPs in favour of it at second reading and sent it to committee for further study. The government has called the bill “fundamentally flawed”, but there may be sufficient House support to turn it into binding legislation.

While Senator Miville-Dechêne emphasizes stopping underage access to sexually explicit material and her view that that goal merits site blocking and mandated age verification even for some uses of Google and Twitter, a new standards initiative suggests that some envision far more extensive use of mandated age verification systems. The Digital Governance Council is one of several Jim Balsillie-led organizations focused on influencing government digital and innovation policy. Its CEO is Keith Jansa, who Senator Miville-Dechêne identified in the Law Bytes podcast as her source for providing assurance of the privacy safeguards in the bill.

The DGC includes an accredited standard-setting arm which is now promoting the development of a standard for age verification which “aims to foster the widespread adoption of age-verification technologies in Canada.” The proposal for the standard makes it clear that Bill S-210 is only the start. In fact, it argues that recent trends “compel the need for a broader application of age verification technologies” than those envisioned by the bill. In doing so, it cites the need for age verification technologies for gaming platforms, live streaming video, virtual reality, online advertising, and chat forums. With regard to Bill S-210, the proposal maintains that support for age verification should extend far more broadly:

The proposed standard is crucial as Bill S-210 progresses through Parliament as it will define best practices in the fields of age verification and privacy protection to support the legislation when age-verification methods are prescribed. The need is also evident for industry and consumers considering continuous usage of age-verification dependent products.

The goal of the standard is therefore explicitly to expand the use of age verification:

This proposed standard aims to:

a. Facilitate the adoption of age-verification technologies in Canada,

b. Support the Canadian industry by establishing defined standards for age verification,

c. Encourage biometrics-based age-verification innovation by Canadian researchers, and

d. Ensure compatibility of Canadian regulations on age-verification with international standards.

Age verification may indeed be a useful tool, but the Australian government recently concluded that the technology is “immature, and present privacy, security, implementation and enforcement risks.” Despite those risks, Bill S-210 has advanced rapidly through the Parliamentary process and we now learn that a leading technology business lobby group is rushing to establish a standard with the express goal of fostering its widespread adoption in Canada, while at the same time providing behind-the-scenes advice on the privacy implications of Bill S-210. If you thought that bill was dangerous before, the work of the DGC suggests that the industry envisions a future with widespread use of mandated age verification technologies for accessing sites and services on the Internet.

22 Comments

  1. Yet another reason to use a geo-relocating VPN — to mask your source location as being from somewhere other than Canada so that all of this silliness does not apply to you.

  2. I think it is well understood that biometrics cannot establish age.

    Let’s try a simple example. How will age verification be done for a Canadian who is 22 years old, and has neither a credit card nor a government ID? If there is no solution for that group, then age verification is guaranteed to prevent legitimate access.

    The solution here is to enable parents to make local blocking settings on devices. Parents are the best method of age verification for minors.

  3. Interesting … this is an op-ed by Jim Balsillie. “Privacy is central to human well-being, democracy, and a vibrant economy. So why won’t the Trudeau government take it seriously?” (Globe and Mail, Oct 22, 2022) … original link is paywalled.

    https://www.theglobeandmail.com/opinion/article-digital-privacy-technology-canada/

    Alternative link — https://centrefordigitalrights.org/files/document/2022-11-28/259-090454.pdf

  4. “Its CEO is Keith Jansa, who Senator Miville-Dechêne identified in the Law Bytes podcast as her source for providing assurance of the privacy safeguards in the bill.” This is like a used car salesman saying “Trust me, you don’t need a mechanic to check a 10 year old car, it runs great.” And then you believing him.

  5. It’s nearly impossible to tell across the Internet whether or not someone is *human*. Much effort has been put into trying to do so, with remarkably little success against current techniques for defeating the captcha. It’s not completely one-sided but it seems to me the bots are generally winning that fight lately.

    What fantasy world are these people living in to make them believe that there exists some kind of magic we can use to reliably detect the age of every user without severely intrusive data collection, or even with it? I look forward to finding out, haven’t listened to the podcast yet.

    • They don’t believe there is any such magic. They are just very happy to use severely intrusive data collection to satisfy their goals.

      • Whatever they try, it will quickly be defeated. Just look at the things people will do in order to cheat in video games (https://yewtu.be/watch?v=RwzIq04vd0M) and imagine that level of effort devoted to defeating biometric age-verification software. The only reason age-detection bypass software isn’t commonly available already is because nobody uses biometric age verification for anything important, and that is because nobody wants it and it sucks.

        So they only way they can sell that product is to dupe the politicians, but even then it’s set up to fail. It will inevitably need further legal reinforcement in the form of criminalization of the software tools that can be used to defeat the age divination magic. The whole project then obviously becomes part of the “war on general-purpose computing.” Perhaps that explains why Microsoft isn’t as strictly opposed to the idea as they might be if they weren’t desperate to find some way to lock out future competition from less user-hostile operating systems.

  6. Well I listened to the interview. She really does have a thing about porn. She starts off by talking about the worst of the violent and demeaning stuff, but ends up talking about anything intended to provoke sexual arousal. Meanwhile she repeatedly says it’s about “protecting the children” while the text of the bill aims at not just children but everyone under the age of 18 years.

    One point that I don’t remember being made about the kind of “filters” that can be controlled by parents is that they could be made much more effective and easy to use if governments were to mandate that porn websites (and everyone else providing material not suitable for children in various ways) must follow a specific standard for identifying that content, or that their site allows such content. If Canada attempted to lead the way in that direction it might actually do the world some good.

    • But filters would be the simplest way to do the job… And therefore not gonna happen.

      I worked as a software engineer for 27 years. I had a stamp that I could use to comment on design docs that read “Is there no harder way?” to remind people of the KISS principle.

    • The thing is that this is a solved problem for parents that are concerned (which is where this problem belongs, not with government meddling in family concerns):

      https://www.cira.ca/en/canadian-shield/

      The problem with that solution is that it does not benefit the Age Verification industry that is obviously who is behind all of this and it using our captured puppet government officials to promote their industry.

  7. Knowing something about web technology is important here.

    Especially … DoH, AnyCast, ESNI.

    DoH means that your ISP will not know what websites you might visit because the domain name queries and replies will be encrypted.

    AnyCast is a CloudFlare technology that essentially means a website can be reached through hundreds – or more – IP address. In IPv6, CloudFlare has 10^30 IP addresses.

    ESNI is the “Encrypted Server Name Indication” is how your browser will specify the website requested, and how the server will know that – but no layer in between can know what website is being reached.

    The overall result is that your ISP is completely blind to your website traffic, and cannot block a particular website without blocking thousands of other sites as well.

    Now – this legislation might be capable of forcing Canadian sites to implement something. But the net effect is to disadvantage Canadian web sites and site hosting. Just move the business to a non-Canadian location, or sell to a non-Canadian company, and carry on as usual.

    This legislation *threatens* Canadian companies, rather than helps them.

    • > The overall result is that your ISP is completely blind to your website traffic, and cannot block a particular website without blocking thousands of other sites as well.

      That is expressly permitted in the Bill! To be perfectly clear, the proponents understand the risk of overly-broad blocking and the collateral damage it would cause, and they are OK with it. You have to be willing to do that if you want to save the children after-all!

      > Now – this legislation might be capable of forcing Canadian sites to implement something. But the net effect is to disadvantage Canadian web sites and site hosting. Just move the business to a non-Canadian location, or sell to a non-Canadian company, and carry on as usual.

      This proposal is not limited to just Canadian websites. It proposes to be global and force the entire world to age verify all Canadians. Any website outside of the legal reach of the Canadian government that does not implement will be blocked as above, along with all of the collateral damage that may cause. Again, somebody needs to think of the children!

      > This legislation *threatens* Canadian companies, rather than helps them.

      You need to be specific here. This legislation threatens some Canadian companies, indeed. But it massively benefits the Age Verification industry, which is obviously the puppet master behind all of this that has their hand up the ass of the puppet Senator that is pushing for all of this.

      I’m just waiting for the “anti-children” propaganda to start over all of this. I.e. “if you are against age verification then you must be a child-molesting sexual predator” kind of bullshit.

      • “[Overblocking] is expressly permitted in the Bill!”

        That is certainly true. But I suspect the thinking was more along the lines of “60% of a site instead of 10%” or “three sites not just the one”. The *scale* of overblocking would be much greater than that, if it worked at all. I would be interested in an answer to “will blocking still be used if it requires also blocking 1000 other websites”. (I also think the answer would be dodged.)

        “This proposal is not limited to just Canadian websites.” A nice claim there. And although (ineffective?) blocking might be aimed at sites outside Canada, the fines can only really be levied against Canadian sites. And – like a number of other recent bills – this one might trigger a trade complaint, especially if the complaining site or company was blocked by side effect.

        “You need to be specific here.” Okay. First, this raises the risk of hosting a site in Canada. The solution is to host *outside* Canada, where you can better mitigate the effects of blocking. That drives down the demand for hosting in Canada – and since the costs of hosting are strongly dependent on scale, reduced hosting puts upward pressure on hosting pricing for those still here, making it more likely to just go beyond borders to get a price break – a nasty spiral. Second, this raises the risk to a Canadian company owning and operating a site in Canada. If the company might be subject to fines (user generated content?) it may be less risky to move the ownership to a non-Canadian jurisdiction, and carry on business as usual (see “Facebook Canadian news content” to see what happens when you try and strong-arm non-Canadian companies).

        There are *already* reasonable solutions here to protect children. Not legislation, but information and education for parents, which could be put to immediate effective use – certainly sooner than it will take for this bill to get going. I find it completely bizarre that it appears to be the same politically active groups that support parents’ rights to raise their childing as they see fit using school policy, but prefer having the government take over from parents in this case. And, yes – that might be a politically useful talking point: Why don’t you directly help parents, instead of having the government take over from them?

        • Chris, I am not sure I agree with your statement about the parents rights support… I looked at the result of the vote in the HoC held on 13 Dec 2023, and the vote went mostly along party lines, with the following vote counts per party:

          Party Yea Nay Paired
          LPC 15 132 1
          CPC 115 0 1
          BQ 32 0 0
          NDP 24 0 0
          Independent 2 1 0
          Green 1 0 0

          So while most of the 189 Yea votes came from the CPC, it appeared to be more related to the party rather than the tendency to be libertarian.

          • First – big congrats for actually looking up details. That is not done enough these days!

            For the S-210 vote, I agree – the data very much indicates a party-line vote for the CPC, BQ, and NDP. That noted, I was rather thinking the other direction – how is it that more members did not vote Nay, this being very much a “government knows better than you” type bill.

            That topic risks starting me on that ongoing concern, that we actually might have members with good judgement, but they are not permitted to exercise it, and instead have to quietly vote the party line, rather than vote their judgement and conscience. But that is very much a different topic.

          • Chris, I just looked up an item from CTV news (from Dec 14) which indicated:

            “A spokesperson for the Canadian heritage minister told The Canadian Press earlier this year that the government was working on its own approach to dealing with online harms, and the Senate bill overlapped with their work.”

            So it could be viewed that the LPC ordered members to vote against S-210 (in particular the Cabinet members), and 15 didn’t toe the line (the vote was simply to send it to the Standing Committee on Public Safety and National Security for examination, not necessarily to pass it). The real test will be third reading.

            If the Senate bill were adopted it would steal the thunder of the upcoming government bill, which could also explain why the CPC voted for it in second reading, not because they necessarily agree but to embarrass the government.

  8. Our company have amazing opportunities for “work from home”, which describes a modern working arrangement where employees qr4 perform job responsibilities remotely, typically from their own homes instead of an office. It offers flexibility, improved work-life balance, and cost savings for employers.
    See the details…>>

  9. Our company have amazing opportunities for “work from home”, which describes a modern working arrangement where employees qr4 perform job responsibilities remotely, typically from their own homes instead of an office. It offers flexibility, improved work-life balance, and cost savings for employers.
    See the details…>> https://VirtualCareer73.blogspot.com/

  10. Are these individuals living in such a dream land that they think there’s some sort of sorcery we can employ, even with it, to correctly determine each user’s age without the need for highly invasive data collection?

    • No. That’s entirely the point. They don’t need such a dream land as they don’t care about invading your privacy. Indeed, the more information they can collect about you, the better for them.

      This is just another excuse to get yet more personal (i.e. all of your Internet usage) information from the citizenry. A “think of the children” excuse at that. You know what happens when you oppose “think of the children” legislation right? You get accused of siding with child molesters. That’s why any chance the government gets to frame something as “think of the children”, it’s a slam dunk.

  11. Pingback: Digging Deep into Digital ID – White Rose Intelligence

  12. Pingback: Canada's Bill S-210: The Push for Widespread Age Verification clwg on May 8, 2024 at 09:33 Hacker News: Front Page - Bharat Courses