First a bit of context.
In 1997 UK banks started issuing debit cards to anyone with a current account (a checking account). Courtesy of their parents, children as young as eleven therefore had them, perfectly legally. In 1997 there were around five million children in the eleven to eighteen age group. Today it’s nearer six million, 7-8% of the population.
“Pre-paid debit cards” soon became available to anyone. No bank account needed. These cards plugged into and were only possible because they used the same payments networks developed by the banks and credit card companies. The banks and credit card companies were therefore the progenitors of this new way of paying for and doing stuff online and offline.
At the time, pre-paid cards were hailed as a big step forward for the “unbanked”, and for people who would never qualify for a standard credit card. But the superstars of the world of finance had not quite thought it all through. A reminder, once again, that having swanky offices, a smart address and a big job title, is no guarantee……well, of anything at all.
The prepaid cards could be bought in any number of retail outlets including petrol stations and corner shops. Nominally people selling the cards were meant to confirm the individuals buying them were over 18. Nobody argued this was actually happening, certainly not at scale.
As the internet began to take off, debit cards of both kinds hove into the view of children’s organizations. Prepaid ones were effectively untraceable. They started being used to buy child sexual abuse material and to facilitate other highly unsavoury criminal behaviour.
The ordinary ones, linked to children’s accounts, were being used by children to gamble. This was also illegal. Regardless of the venue or form, the law was clear. You had to be 18 to gamble anywhere and everywhere in the UK but kids were going to gambling web sites, ticking the box to say they were over 18 and that was it. They were in. A small number of children were being classified as gambling addicts. There shouldn’t have been any.
That’s when children’s groups got busy. First we discovered several of the larger banks’ and credit card companies’ processes could not distinguish between a prepaid debit card and a regular one. Neither could they distinguish between either kind of debit card and a credit card (the latter only being available to over 18s). Somebody had forgotten to write down the numbers before sending them out to the distribution points. Oh dear. See earlier comments about swanky offices, big job titles etc.
All this started to change when tougher anti-money laundering rules began to kick in Duh! But that was a little way off in an unknowable future so we went to see card issuers and gambling companies, or at least several of the bigger ones.
Long story short, the card issuers were not interested. They were completely clear. Even in respect of cards tied to a bank account, where they acknowledged they had the necessary data, whatever the pre-GDPR law then said about data-sharing for such a beneficial purpose, they had no desire to engage in verifying anybody’s age. That was a problem for the gambling industry. Not them. Thank you and goodbye.
Off we trotted to the gambling companies. They were all aware of the problem of children gambling on their sites but with one or two exceptions none wanted to do anything about it until everyone, which meant all of their competitors, had to do the same thing at the same time.
To paraphrase Saint Augustine
“Lord make me virtuous but not until everybody else is or it will cost me a lot of money”.
In 2005/7 the gambling laws changed. Every UK-based gambling web site or service was obliged to do age verifiction but note, at the time the law changed, there was no real “age verification industry”. The new law, in effect, created a market. Capitalism did its magic. Investors stepped into the space and started to innovate.
Today you never hear about children getting on to a UK-based gambling site, clicking to say they are 18 or above then blowing their pocket money on a horse, football match or whatever. There may be other issues with children and gambling, as new forms of gambling emerge, but enforcing a minimum age on gambling web sites is no longer contested territory. It can be done and is being done, at scale, very rapidly, inexpensively and in privacy-preserving ways which honour the principle of data minimization insofar as the law allows or requires.
A repeat scenario
We are now hearing the same sort of thing from porn companies. The bigger ones are saying they are in favour of age verification to keep children off their sites but unless it is evenly and consistently enforced against all porn sites they insist
(a) it will be “unfair” on them because current or potential customers will simply drift off to less scrupulous alternatives
and
(b)that means it won’t protect children
The cheek of it.
then they added
“It’s not our fault age verification wasn’t around when we started our porn sites” .
Double cheek.
It wasn’t children’s fault either so while kids were being damaged by porn, the porn sites’ owners were being enormously enriched. Where’s the “fairness” in that?
It is repulsive to hear a porn company use a stated concern about children’s welfare as an argument to defend a status quo which they created, which has harmed children from Day One. Crocodile tears doesn’t get close.
Unintended and unforeseen
The history of the internet is littered with stories of how online practices had to change as unforeseen and unintended consequences became apparent. See the story of debit cards above as one such example.
The only remarkable aspect of the porn debacle is it has taken so long to get to this point where real change is at last on the near horizon.
The point being made by porn companies is that, unlike gambling in the UK, where there was a licensing authority (the Gambling Commission) and a relatively small number of sites, with porn there is no central authority and a great many sites in all kinds of jurisdictions which could present enforcement challenges.
Apparently, shady characters are already in these difficult to reach places and if age verification becomes mandatory anywhere but is unevenly enforced, other porn sites would head there and carry on as before leaving the “good guys”, the law-abiding guys in ruins.
Thus, unless and until we (yes, that’s you and me) can find a way to protect the commercial interests of “good” porn companies, we are being told it is simply beastly of us to try to protect children by insisting on them having to do age verification, if only temporarily until their perfect or preferred on-device, operating system and App Store solution emerges.
You couldn’t make it up.
And by the way, I don’t doubt that there are people in the porn industry who do not want children on their sites but that isn’t really the point here. They set themselves up in business in ways which damage children, became very rich as a result and seem unwilling to stop damaging children if their income isn’t safeguarded.
Does anyone truly believe porn companies have recently become energetically engaged with the age verification question because they care about children? I refer you to my last blog and the story of Visa, Mastercard and Pornhub.
The larger porn sites look to me to be sufficiently capitalised to be able to ride out any interregnum or transition period between now and their preferred solution emerging, if that is really what they want.
What I think they actually want is either to stop any and all forms of age verification from gaining traction or delay its implementation for as long as possible or, last line of defence, get everybody else in the internet eco system to pay and be liable for it.
There is an expression in English law which says
“He who comes to equity must come with clean hands”
Porn companies do not have clean hands. They have forfeited any right to appeal to anybody’s sense of fair play as between the very bad and the extremely bad.
Having had too many complaints about my last blog being way too long, and recognising the customer is always right, I will go into more detail on this latter point in my next blog. Soon.
Desiderata 