Verisign Develops Token for Age Verification

FirstTimeCaller writes "A Reuters article is reporting that Verisign in conjunction with an unnamed children's safety group, will release a USB token that can be plugged into a PC to verify the age and gender of a person participating in online chat rooms. According to the article, the token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."

Great...

[cassidyc]

Now instead of just faking up my ID, I can steal someone elses. All it takes is enough drink and the right students.

Still this security thing is jsut a laugh really isn`t it?

sigh.....

CJC

Dumbest Idea Ever

[LaNMaN2000]

This is the dumbest idea in the history of mankind: verifyably identifying children as such on the Internet. Unless, of course, they are trying to help pedophiles find targets that they *know* are too young to be FBI agents.

My rights as an anonymous online individual

[mr. mulder]

So, not only are students going to be forced to carry yet another form of ID, but they'll also have to give a third-party company (Verisign in this case) detailed personal information.

What about student's rights - they have the right to enter chat rooms, etc.

I can envision the next step - restricting web sites based upon age, then it will be restricting web pages based upon being a student, finally, just restricting overall.

Luckily, we won't have to worry about this being a wide-spread problem - the system is too flawed to go very far; however, I feel for those that WILL be made to use it.

Bottom line is that NOBODY should HAVE to use this system - somehow it should infringe upon their right to freedom of assembly. Albeit, a *virtual* assembly, it's an assembly!

Doesn't this violate

[I_am_Rambi]

some type of law? I would want that information to be authenticated that way. If I remember right, parents will have to consent to it first if it is a public school.

What are the students doing in chat rooms during school anyway? Seems that Verisign just wants another way to make money.

EBAY!

[Lifix]

Gosh. If I was a student, I would be snatching these things up like gold, then pawning them on ebay to teh pedofiles.

This only adds a false sence of security, without biometric identification on these usb things, anyone can become a 16 year old male. Lets go chat up NAMBLA and ask them what they think!

Re:Credit card ?

[acceleriter]

I agree it's a dumb idea--but I think it's really a segue into some companies requiring these tokens for everyone who wants to do business with them. The Federal government, for example, has been trying to figure out for years a practial way to give each citizen a public key to be able to, for example, apply for Social Security benefits or file a FEMA claim online. But since the easiest place to put a public key, a National ID card, spawns (rightfully) mention of the Book of Revelation happens every time it's mentioned, USB keys could be an alternative.

Nothing is perfect!

[goldspider]

Why is it that so many Slashdotters piss and moan when any kind of system is released by commercial industry that isn't 100% flawless?

Now maybe I have it all wrong, but I'd say that when it comes to protecting children on the Internet (and yes, it's needed), this is a step in the right direction. Sure it has its flaws, but it's certainly better than nothing at all.

But it seems around here that if something isn't perfect right out of the gate, it's garbage (unless it's Open Source, in which case it gets free pass after free pass...).

Re:Credit card ?

[russint]

Well, I can't get a credit card at all (20 years old) due to bad credit.

Not a very good system.

Changing the world

[AdamHaun]

So every chatroom in existence has to be rewritten in order to use the token scheme? Why would anyone go to the trouble of doing this? If schools want safe chatrooms, why don't they just set up their own network and do the authentication themselves? Expecting the whole world to change to support your authentication scheme seems a little farfetched.

Of course they give it away to the kids, its value

[CFD339]

is to adults. You can't prove you are an adult and thus entitled to something more by NOT having one of these.

The goal to Verisign is obvious -- once they are widespread, you try to get first libraries and then other places to require the use of the "KEY" to use the system to prove your age. As an adult, you'd "need" one, and thus have to pay for it.

Also, its a good first step toward a "universal" (as if) public key. Ideally, imagine something like the Post Office being able to assign a public/private key to you. That's what everyone wanted with these keychain java keyring things talked about in the 90's.

Personally, I hate seeing verisign being given this contract, but I'm not sure someone shouldn't have it.

I'd like to see a U.N. sponsored standard, with countries and or businesses able to register as registrars. The SSL key distribution system we have now works pretty well (if overly expensive).

At a minimum, that same system applied to people as apposed to web server names would go a long way.

Yes, I know all the usual issues apply -- how do you prove its YOU with the key, etc. Lots of discussion on that (which is off topic) and other things. Privacy? What about additional private certificate keys? Well, why not all those things.

Personal ID should have a data component for public key.

Re:If it's just to verify "age and gender" . . .

[Zeinfeld]

. . why is there a "list of students" involved? And seriously, do they not know these tokens are lent? Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

Security is risk management, not risk elimination.

The point of an experiment is to see how significant these issues actually are.

Sharing the token is a bad idea since it will also be used to authenticate to the school web site. If a kid looses the token and has it re-issued then the original is cancelled.

Re:Nothing is perfect!

[jackb_guppy]

This is NOT a step in protecting anything.

1) For a child to be protected, they MUST have the fob.

2) They must use it on presribed machines with the right software.

3) Some big brother is watching out for them.

What this really is a step to personally "brand" everyone. Just like RFID in clothes or under the skin or the tatoos of Germany.

Further you can only be "safe", if you are willing to "pay" for it, including tracking every one of your habits on net.

Re:Credit card ?

[RWerp]

Besides the "problem" of pedophiles in "chat rooms" being completely overblown

You're right. Most pedophiles attack children they know: their own, their family's children or their neighours.

Re:So now the Child Stalkers can...

[Maestro4k]

• Just check the online ID before persuing the child??

  That's gonna cut into the FBI's stake-outs, isn't it?

Doubt it, they'll most likely be able to get fake tokens to use online. The main problem may be that they'll need multiple tokens as they can't be the same "child" constantly as their cover might be blown from time to time (after busts for instance).

Other than that it probably won't matter, if you read the details of the busts the police do make from online contacts the guys were total morons to start with. They didn't arrest some horrid child predator, they arrest some moron who likes kids but isn't bright enough to be successful at it. I'm quite sure the real dangers are far sneakier, after all they know the feds are watching the chat rooms too. Additionally the statistics show that most kids are sexually abused by someone they know, generally family, so online predation isn't what the cops really need to worry about, it's just a way to make it appear they're doing something about the problem.

Re:Credit card ?

[Alranor]

And for those of you across the pond with no idea what he's talking about, it's a misquote from an episode of Brass Eye [amazon.co.uk], in which Chris Morris demonstrates exceedingly well that people are more than willing to suspend their higher brain functions when someone mentions "Please, won't someone think of the children"

from the transcript [glgarden.org] of that episode.

SYD RAPSON (MP Labour) : We believe that paedophiles are using an area of the internet the size of Ireland and through this they can control keyboards.

RICHARD BLACKWOOD (comedian/musician) : Online paedophiles can actually make your keyboard release toxic vapours that make you suggestible. (sniffs keyboard) You know I must say I actually feel more suggestible and that's just from one sniff.

Re:Nothing is perfect!

[bitslinger_42]

Time and time again, we've seen that having no security and knowing it is better than having bad security and not knowing its bad (Maginot Line, anyone?) Most parents who will have their kids participate in this will think "Johnny's got the token, he's completely safe on the Internet" and ignore their kids behavior even more.

Off the top of my head, a better solution would be to use the BMW-type car keys (the ones with the chips in them) and have the computer hardware require the presence of the key to be on (or have internet access, or whatever). That way, at least one parent must have approved of the usage and be physically present for the kids to use the Internet.

A large portion of the problem with protecting children is the parent's responsibility, not the government's, not the school's, and certainly not Verisign's. If the parent's aren't going to monitor their kids and do their due dilligence to make sure the kids are in safe places, then all the tokens/bar codes/subdermal chips in the world won't make a difference.

Re:Credit card ?

[jadenyk]

So someone with bad credit shouldn't be considered an adult? That's pretty bad.

Also, what about people that don't feel comfortable giving out their credit card information for age verification purposes? I don't want my credit card information all over the web.

OK, I'll wear the hat...

[zogger]

... the one made out of shiny flexible metal.

This is just another example of conditioning the younger generation. Get them used to big brotherism and total surveillence/command & control. Goes along with acceptance of constant TV camera monitoring, using a thumb scanner to get a school lunch (how pavlovian can you get?) and other sorts of brainwashed response mechanisms.

We've already got the adult population conditioned to accept things that would have caused lynch mobs 100 years ago, like "random courtesy checkpoints" on the roads.

To the goons, the elite controllers, it's just part of the system, they want willing sheep, controllable herds, and the younger they get them brainwashed the better, then it's "acceptable and normal".

Hey, here's an idea! Why don't we drug the kids in the schools as well? Then we can make them even MORE controllable!

Oh ya, they do that too. Funny how all that stuff ties together.

Re:Credit card ?

[BenEnglishAtHome]

How is it overblown are there only a few dozen kids abducted / molested a year instead of hundreds so it is no big deal?

Exactly.

Freedom has a price. The freedom to travel freely, however you want to, means that a few thousand people a year will die in car accidents. The freedom to speak your mind means that somewhere, sometime, some folks are going to abuse that freedom and incite a riot during which people die. The freedom to keep and bear arms means that some people will be wrongfully shot.

You can't have the good without the bad.

So, yeah, it's not exactly no big deal that only a few dozen kids get hurt a year, but that's certainly nowhere near enough justification to sanction any mechanism that may be even a precursor (as has been pointed out in other postings) to restraining the electronic means of exercising our right to freedom of speech and association.

Dislike this approach

[whovian]

1. The burden would be on children to get an ID. It suggests the children are to blame, when it's the pedophiles who are at fault and should be prosecuted.

2. In the extreme, isn't this a step in the direction of corporate or even government controlled access? It could limit who, when, and where content can be accessed -- if at all.

Re:If it's just to verify "age and gender" . . .

[aonaran]

The point I was trying to make (I realize it didn't come across very clearly) is that they are doing this all wrong. They should only have to provide a count of how many keys of each type they need and V provides them with X keys for 6 yearold males, etc. But it sounds more like they are taking the other approach and using a key with a unique id that links to a database of name age and gender.

The former would do what they seem to want without giving out unnecessary amounts of data to verisign, but the latter is VERY dangerous indeed.

What's to stop this unique ID from being used to collect all kinds of data on the children? who controlls the servers that do the authentication? if it's the school it's not so big a deal if it's some other org (especially Verisign) I'd be very wary of it's use.

Gender?

[Eudial]

Eh, what does gender have to do with anything? Isn't age the relevant part?

Re:Credit card ?

[Anonymous Coward]

I'm not sure how overblown it really is.

I worked at a free web host provider a few years ago and scoured the upload logs for questionable content (warez, porn, etc.) each day.

One kiddy porn site that was put up on a weekend received 20,000 *unique* hits in the 48 hours it was live before we locked it down and handed the info over to the police. And those were mostly visitors from the US and Canada. It really opened my eyes to how much demand is out there for that kind of crap, and the danger kids are in online.

Still, despite the worst-case-scenarios the press love to feed us in their 11 o'clock news briefs, it's education for the parents and the kids that should be the primary focus, gadgets should be secondary.

Re:Credit card ?

[dgatwood]

Actually, yeah. Being an adult is about responsibility. If you can't figure out that you shouldn't spend more money than you make, you are behaving irresponsibly, indicating an inability to associate your actions with their consequences. That is a good psychological definition of childhood.

When people with bad credit grow up psychologically and find help to get out of debt, that's when you should start treating them as adults, and not a moment before. There are plenty of organizations to help people in those situations. All they have to do is pick up the phone and take responsibility. It's a long, slow process back to fiscal solvency, but going through it proves responsibility and maturity in a way that bankruptcy and other cheap fixes don't.

By contrast, if a fifteen-year-old (as mentioned in another post in this thread) is responsible enough to manage his/her own finances without overspending, he/she should be treated as an adult because he/she is acting in a responsible fashion befitting an adult. (The rare occasion is the fifteen-year-old son or daughter of a multi-millionaire who spends without remorse, but fortunately, these are pretty easy to spot for the most part. :-)

In short, age verification by credit card is a much better method than actual physical age because it more accurately reflects the maturity of the individual, which is generally the purpose of an age verification system....

Oh my. I'm starting to sound like my parents....

Re:Credit card ?

[Alsee]

[Some think National ID == Number of the Beast]
No no no, the Number of the Beast is always the same, while National ID numbers should all be unique. The NotB essentially *destroys* identity and makes the bearer an interchangeable unit of someone else's property. The two concepts are antithetical.

I don't believe Revelation, but amusingly I've figured that this sort of system (and Trusted Computing) actually DOES fall in exactly in line with this Number of the Beast thing. Nor are the concepts are antithetical. It can in fact give everyone a unique identity number and simultaneously make the bearer anonymous and interchangeable. There is no need to reveal your identity (or your identity number) when you can anonymously proove that you are properly enslaved by the mark and by the master number

In particular note the distinction between the Mark of the Beast (MotB) and the Number of the Beast (NotB).

The NotB would be the private key of the root public/private keypair. MotBs (plural) would be cryptographic signatures made using that number. The NotB would be cryptographically hidden within each MotB. You can't see it, but it's there.

Obviously no one would ever accept the MotB if they knew/could see the NotB, now would they? However the root private key will be kept secret. In fact it will most certainly be generated inside microchip, unseen by human eyes. We could develop an entire economy and an entire society on top of this number, with no human eyes ever having seen it. The number could be 666 consecutive ones, and no human would even know. This number would be cryptographically hidden inside the root public key and it would be invisibly stamped within every signature (Mark).

Note the reference to being wise and insightful enough to calculate the NotB - exactly in line with public key cryptography! According to the best known methods of all known mathematics, attempting to calculate the number would require over 10,000 years even using every computer on earth. Of course it's always possible that some wise mathemetician will have a new insight - a mathematical insight into factoring. An insight which would let him quickly and easily calculate that number. It is also sobering to consider that those in power could very well go to extremes to surpress that insight and prevent that number from actually being calculated - for to do so would result in a total collapse of the Trusted Computing system and any economy/society built upon it.

And the entire point of the Trusted Computing mark is to make interchangeable units, all effectively property of the holder of the root key. Each time you buy or sell anything, the system generates a completely random number and stamps it with your mark which has been stamped by the master number. Whoever you are doing business with can authenticate this random number has indeed been indirectly stamped the master number, and without revealing your identity. He then knows that you are approved and controlled by the master number, else you would have been unable to properly stamp that random number. You are an an anonymous (interchangeable) person bound by the rules of the Mark.

And where is the MotB to be? Your right hand / forehead. Well, your Trusted Computing device bearking the Mark will figuratively BE your right hand. It will carry out tasks/work for you. It will do your buying and your selling, it will manage all of your finances and your communications and your records and your files for you. However such a device will also figuratively be your forehead. It does calculations for you, it remembers things for you, it will "think" for you.

Those who refuse the MotB are to be beheaded. I doubt people would literally be beheadded for refusing the control (mark) of Trusted Computing, however it could easily be described as a figurative beheadding. Such a person would not only be barred from money transactions, they would be barred from the internet itself. And realize that the internet is rapidly devouring everything, even telephones are moving to VoIP.

-