Australia is pushing big tech to ‘protect kids from porn’. What can they actually do?
- Written by: Toby Murray, Associate Professor of Cybersecurity, School of Computing and Information Systems, The University of Melbourne
Australia’s eSafety Commissioner has announced she’s given the major tech platforms six months to develop enforceable codes for protecting children from online pornography and other “high-impact” content like self harm.
This follows recent announcements that the federal government is trialling “age assurance” technology to prevent children accessing online porn.
Parents of school-aged children are all too aware of why such efforts are needed. The commissioner’s own research indicates the average age children encounter pornography online is 13. Some stumble upon it by accident much younger.
Age verification is an incredibly challenging technical problem – especially for adults’ access to pornographic content. Currently, the most reliable age verification methods are government-issued identities (whether physical or digital). Yet few people would be willing to reveal their porn habits to the government.
What then might tech platforms like Google, Apple and Meta implement? Let’s look at the options.
What’s on the table?
While crystal-ball gazing is always fraught, we can draw some clues about what the commissioner has in mind. The codes are set to apply broadly and are not just limited to porn sites or social media platforms like Instagram and Snapchat.
Instead, the commissioner envisages codes that cover the entire online ecosystem. Apps and app stores, websites (whether porn or otherwise) and search engines like Google are covered. Also, service and equipment providers that power online platforms and build smartphones and other devices.
Finally, the codes are set to also cover instant messaging and chat, and even multi-player gaming and online dating services.
An accompanying discussion paper details the sorts of measures being considered. These include things that would be relatively straightforward to implement, like ensuring search engines like Google have Safe Search features turned on by default. These filter out content that may be inappropriate for children to view from appearing in search results.
Parental controls, which already exist in various forms, are also in scope. However, the focus seems to be on avoiding an “opt-in” model in which parents have to do all the heavy lifting. (Anyone who has configured Screen Time on an iPhone to limit their child’s smartphone use knows how burdensome this can be.)
Of course, age assurance technology is also in scope. The codes will be developed in parallel with the government’s ongoing age assurance technology trial. Age assurance covers methods like facial recognition for estimating somebody’s age, as well as methods for verifying somebody’s age, such as government-issued digital IDs.
However, we already know many existing age assurance technologies can’t feasibly regulate access to pornography. Technology based on facial recognition is inherently unreliable and insecure.
And having to show your government-issued digital identity (such as your MyGovID) to sign-up for access to adult content raises significant privacy concerns.
How might this work in the future?
The discussion paper recognises the need to carefully balance online safety and privacy concerns. It notes that age assurance technology should protect people’s privacy while minimising the amount of data required to be collected about people.
Reading between the lines, what the online regulator seems to be angling for is a holistic approach in which smartphone manufacturers and companies like Google and Apple – who manage the major app stores – work together with online platforms like Meta (who owns Facebook and Instagram).
This is yet another big ask from a relatively small Australian regulator. But it may be worth trying.
We’ll have to wait for the actual codes to emerge in December. However, based on currently available technology, one speculative way this might all play out could be the following.
Imagine you’ve just purchased a new smartphone for your child. When setting up the phone, you’re asked if you would like to turn on child safety features.
These features could include things like having Safe Search turned on by default on the phone, plus blocking access to porn sites. App stores already include age ratings for their apps, so under this scenario the phone could refuse to install age-inappropriate apps.
Other child safety features could include having the phone automatically scan images displayed in apps (whether Instagram, WhatsApp or Snapchat) to detect ones that appear to contain nudity or high-impact content. The phone could then be set to either display a click-through warning, or to blur or refuse to display those images. Those same protections could also be applied to photos taken by the phone’s camera.
However, no detection system is perfect and automatic content classifiers routinely fail to catch unsafe content or falsely flag innocuous content as unsafe.
If platforms implement this sort of filtering, they will have to navigate difficult choices, including balancing a parent’s right to control their child’s exposure to harmful content and the child’s right to access high-quality sexual education materials.
Can tech giants work together?
For all this to work, the Apple or Google account used to download apps would need to be integrated with those child safety features. That way, if a child downloads the Google Chrome browser on their iPhone, Chrome could be instructed to turn on Safe Search or block access to porn sites.
This scheme has the advantage that it doesn’t require fallible age estimation technology, nor heavy-handed digital identification, nor privacy-invasive surveillance.
However, it would require tech firms to work together to implement an integrated and comprehensive set of safety measures to enhance online child safety.
That goal is laudable and may well be achievable. However, whether it can be done in just six months remains to be seen.
Authors: Toby Murray, Associate Professor of Cybersecurity, School of Computing and Information Systems, The University of Melbourne
Daily Bulletin
