Papers please: nationality checks for the British internet?

Over the course of the debate on how to tackle online harms, we’ve drawn attention to the risks to digital and human rights which can arise when technical solutionism meets poorly drafted legislation. It’s our job to work through the unintended consequences of these plans, even when they may seem like the stuff of science fiction. After all, if government’s recent track record on digital has taught us anything, it’s that the worst-case scenario of our wildest imaginations tends to becomes official government policy overnight.

It’s for those reasons that we want to call attention to a particularly sinister proposal, intended for inclusion in the Online Safety Bill, that will make the calls for mandatory age verification processes look like child’s play. We hope that with your help, the proposal will remain on paper where it belongs.

The plan comes together

As we’ve previously explained, the draft Bill includes provisions which will mandate age verification or age assurance processes onto all sites, services, or applications offering user-to-user content or communication which can be accessed in the UK. This will mean age checks on sites and services with user-to-user content or communication across the board, meaning all content, all sites, all services, and all users, all the time, regardless of scope, risk, or proportionality, excepting sites which are deemed ‘child safe’.

You will need to do this not to shield children from subjectively harmful content, but to achieve your compliance requirements; and as the Bill has been drafted, you will be compelled to do this at the risks of penalties, sanctions, and even the threat of personal arrests.

We know that politicians – very few of whom are tech-savvy, and most of whom think of “the internet” as five or six big tech platforms – are taking their cues on these matters from surveillance tech vendors and their industry lobbyists, who are keen to leverage the Online Safety Bill as a lucrative opportunity to build a captive market for their products. Government’s recent moves to deregulate privacy regulations and user rights in the interests of the private sector – in other words, allowing them to capture, exploit, and sell more information about you, whether you like it or not – are a deliberate gesture of support to this very British sector. Throw in various lines about “keeping us safe” and “protecting children”, and the stage is set for an erosion of personal rights, and an escalation of state intrusion into private life, in front of our very eyes.

It was in that spirit that a lobbying group recently wrote an astonishing briefing for Parliamentarians who hold influential roles over the Online Safety Bill, advising them to use the legislation to expand the scope of mandatory age verification across the British internet to even further areas of personal and private data.

Your papers, please

In the briefing (pdf), the Digital Policy Alliance advised MPs that “different types of online activity require different levels of accountability and/or different attributes to be verified,” and proposed that users – like you and me – should have to verify not just our name, and not just our identity, but our nationalities, in order to interact with each other, or even share information with each other.

Here’s how surveillance tech lobbyists would like the British Internet, under the Online Safety Bill, to work:

Screen shot of a table outlining the lobby group's proposed verification checks. It suggests that to share universally accessible content, internet users must provide their full name and nationality. To share "age restricted" content, they must provide their age, full name, and nationality. For "universally acceptable interaction with other users", they must verify their age, full name, and nationality.

When confronted about why on earth someone would need to upload their passport to verify their national identity to shop online, read a newspaper, or chat with their social circle, lobbyists will fudge an answer about needing that information to know which country’s digital legislation to apply to the user – for example, they might tell you that the data would help them know that the user needs to be covered by European privacy law. But that’s nonsense. Mandating and holding that information as a condition for access to information, or human interaction, is neither necessary nor proportionate, nor does it have a place in a liberal and free society.

What’s also nonsense is the notion that services doing business in the UK, whether the smallest start-up or the largest company, will appreciate being compelled to become government-mandated collectors of age, identity, and nationality rosters of everyone who so much as visits their site or downloads their app, on the assumption that every one of those individuals is complicit in criminal activity, and that is is somehow the service provider’s job to surveil and police these members of the public for these presumed misdeeds.

It’s also worth remembering that the Bill’s scope will cover any subjective legal topic or subject which could possibly cause upset to anyone under the age of 18. So when lobbyists use terms like “age sensitive” and “age restricted” content, they’re not just referring to explicit adult material. They’re referring to anything and everything on the open web, regardless of the age of the viewer. To them, it’s all money in the bank.

A hostile environment

In practice, where might this chilling combination of mandated nationality, age, and identity verification requirements lead, especially in a political climate which constantly seeks to divide the public against each other? We can imagine a few dystopian possibilities:

  • No encrypted private messages for people with Muslim surnames
  • No access to NHS information resources for people unable to prove their British nationality
  • Pre-moderation of all private messages sent by under-18s
  • The blocking of access to certain sites and information for British nationals only
  • Conditional encryption for students and newly arrived legal migrants
  • No ability to send private messages to friends who have not verified their nationalities
  • Employer requests to news sites to view a potential employee’s news reading history
  • Government requests to platforms to view a jobseeker’s applicant ’s browsing activity
  • Home Office requirements for visa holders’ internet activity to be monitored and reviewed

The list could continue on as dark as your imagination would like, but make no mistake: we have heard suggestions such as these proposed as positive benefits of mandatory ID and nationality verification to policymakers.

These ideas are present in their minds as the draft Online Safety Bill, currently in the pre-legislative scrutiny phase, heads ever steadily towards a vote.

We know there are no easy solutions to online harms. But we also know this: we will not get to grips with online harms by creating new ones. We will not address societal injustices by fostering deeper divisions. And we will not make the Internet a safer place to be online by making our society an unsafer place to exist.

The message to our politicians, and to yours, must be clear. The Online Safety Bill must not be used to mandate nationality checks across the internet. Your name, your age, and your nationality must never be used against you, either online or off, as you find your identity, find your tribe, and learn how to express what you believe.

Hear the latest

Sign up to receive updates about Open Rights Group’s work to protect our digital rights.