Internet Society of Australia
A Chapter of the Internet Society
ACN 076 406 801
Mr Jon Porter
Online Services Content Regulation
Australian Broadcasting Authority
PO Box Q500
Queen Victoria Building NSW 1230
online@aba.gov.au
The Internet Society of Australia (ISOC-AU)
Submission on
Consultation Paper - Restricted Access Systems
Section 2.7 states that the ABA must have an "aim of minimizing the financial and administrative burdens on the Internet industry". Given the short time frame and for which an acceptable scheme will be outline by the ABA and the declaration tabled in Parliament this will be difficult to achieve. There is a very short time frame for content providers which may have to implement these systems, certainly causing them a financial and administrative burden.
In Section 3. Functions it is stated that "the applicant will need to input in full, on each occasion, the issued PIN or password and date of birth". Most standard Web authentication systems require a username/password entry - altering this to be a PIN/date-of-birth system is not a developed technology and will have associated costs as well as security implications. Access in fact may become easier for children trying to use a parent's restricted account, as the date-of-birth is likely to be well-known to the child.
Given existing authentication methods, this process may also be automated in the client's browser software without any awareness of the content provider, so would not mean that the person using the browser was in fact the person being authenticated.
A significant amount of information is required at time of lodgment of the application, which is not required for other forms of restricted material, or for proof-of-age transactions like alcohol purchase. Information such as the address of the applicant and credit card details serve no purpose in age verification and reduce the anonymity of any person seeking registration.
This proposal will lead to the creation of databases of private information that may be marketed without the users' consent, that have no formal controls by the consumer, and that may lead to potential abuses of sensitive data for spam, fraud or blackmail.
Privacy is one of the top-ranking issues accounting for low consumer confidence in Internet ecommerce - this potential for embarrassing breaches of privacy will not assist the take-up of new technology.
If these details are to be recorded there is no indication of how long the information should be stored and who may have access to it. Consumers have no recourse for removal of details over time, including access and log data. Potential abuse of this information is unlimited.
The requirement for credit card details assumes that the content provider is charging for material. There is no presumption that restricted material will require credit card payment and the collection of credit card details only seeks to reduce the anonymity of persons seeking registration. It is also not current bank policy to permit details of credit-card owners to be released, so the details cannot be used for personal authentication or age verification.
Digital certificates are proposed as an alternative proof of identity, however minors are not restricted from obtaining digital certificates, so they cannot be used for age verification.
The Society appreciates the need for the ABA to meet the requirements of the legislation and to provide guidelines for a `restricted access system'. However any system proposed must be no more restrictive than for the same material in other media, and anonymity and privacy of individuals must not be put at risk.
It is recommended that restricted access systems require only usernames, passwords and a declaration that the individual is 18 years or older. The Consultation Paper should also be referred to the Privacy Commissioner before any further development takes place.
Kate Lance
President, ISOC-AU
10.11.99