07 December 2007

About Age Verification

Second LifeAge Verification has gone Beta. As excited we were to hear about WindLight Beta, as outraged you may say we are to hear about Age Verification. Do we really, really need it? What's to lose when you have nothing to hide? Why is it really here?

From Knowledge Base's Age Verification FAQ:
"Why do we need it?
While not foolproof, age verification can provide an additional layer of trust for inworld businesses and Residents. It also helps ensure that minors can't gain access to inappropriate adult, mature content in Second Life."

Ok, after reading that I'm stuck with the question "Why do we need it?" In other words, the answer is no answer. Maybe it is for LL's lawyers, who also took out the phrase "Imagined, created and owned by its Residents" (2) (3) from the front page, but not to SL Residents. Besides, it's full of "maybes": "While not foolproof", "[it] can provide a(...) layer of trust", "It (...) helps ensure that minors can't gain access (...)" (emphases mine). So it's not even 100% sure! Then why do we need it?!

As you may know, I'm a member of the online Art community deviantART. Everybody is allowed to sign up and post art, including artistic nude. And while artistic nude photos may be flagged "Mature", minors can still view it at their own risk. (Note: I'm not sure if that's still the case today though)
And even then, it's artistic nude, not plain porn:

And do we really need to shield our precious children's eyes from sex? Pretend it doesn't exist, they'll never know! That's the general American way of thinking (no offense to those who are not so uptight). Well, telling your kids nothing about sex sure helps, right? It's exactly why the US has the highest teen pregnancy rate in the western world. For that fact alone, Age Verification in SL will only contribute to that!

Therefor, the answer to the question "Do we need Age Verification?" is "No!" and that makes the question "Why do we need it?" redundant.

If you visit the Age Verification page, you'll be asked your full name, address and passport number, or SSN or SIN or PIN or Drivers license (also note how you can even use 2007 as DOB, oh yeah, my two-weeks-old nephew has a SL account :|). If you enter the necessary fields, you state that you "consent to its verification against public records or government-issued identification". But they fail to mention they also gather your IP address! And it's this IP that's apparently used for the verification. Aristotle Inc's Press Contact Michael Colopy briefly said this before the House Committee on the Judiciary, November 14, 2007:
"The question sometimes arises: in the web world, how can a governmental jurisdiction mandate the exclusion of persons entering online from outside its authority? The method is known as IP geo-location. It’s true that some IP addresses can only be identified at a country level. And there are certain types of proxies and satellite IPs that prevent us from geo-locating and that the geolocation technology can’t be applied to long-distance modem dialup calls (e.g., a user from California calls a dialup number in New York).
The good news is that we can identify these types of IP addresses. And these IP addresses are assigned low confidence scores."

Oh, wait a second. Let's have a good look here. Mr. Colopy was standing in for Aristotle Inc.'s CEO John Aristotle Phillips (aka The A-Bomb Kid):
"I am here as a stand-in for John Phillips, the CEO of Aristotle Inc. whose age and ID verification system, INTEGRITY, is the backend of the effective system in the unscripted test you just saw."

Ah, so Integrity is the backend of the system (thus a system) of the company Aristotle Inc. Oh yes, that's exactly what's told to us Residents:
"Aristotle and Integrity are different divisions of a single company, but they are seperate. Aristotle has no access to data managed by Integrity. No one has access to the data Linden Lab send to Integrity"

We have already seen this is likely not true, Integrity is a system by the CEO of Aristotle Inc. If Aristotle has no access to Integrity's data, they cannot run the system. It's like saying Linden Labs has no access to Second Life data.

More from Tao Takashi:
"The data is never saved (as I understand it also not by Integrity). It’s matched only. Nothing can be sold, shared, or even viewed. This is “enshrined” in their contract, as Daniel put it."

While Integrity says:
"Personally identifiable information provided for purposes of age and identity verification to Aristotle and its Integrity unit is used only for that purpose, and is not transferred or retained, except as required by law."

So the information is transferred and retained as required by law. It's like saying "I don't eat anything at all, except when I'm hungry" and then claiming you have never in your life eaten anything.

And isn't it strange that an organization specialised in political campaigns can provide Voter Data using their COSMOS database, use the exact same database for Age Verification? So basically they're linking political beliefs, age, RL name and address, IP address and e-mail address and based on that info they can allow or deny people's access to websites and in SL inworld parcels.

Basically, a politically active organization, probably gets laws passed by licking politician's arses and then offer their Verification services to online companies who are forced to follow Aristotle/Integrity's own laws! It's like George W. Bush changing laws so he can do whatever he likes and make more money. Oh wait...

So Integrity's... integrity is imho fishy, at best. I would most certainly not trust them with my personal information. For now, Age Verification in SL is voluntary, but I'm very worried it won't be within the next few years. We don't need it! We already agreed we provided correct info when we signed up, that is enough! Should someone turn out to have lied about it, it is his own responsibility, so LL is nothing to blame.

Somehow though, I'm thinking this all may have been foreseen...

No comments: