Liberty News

Britain's cinemas are to introduce digital ID cards for adults and children as proof of age for entry to age restricted films.

The UK Cinema Association, which represents 90% of cinemas, will from Monday accept a digital ID app which confirms the age of an adult or child to box office staff based on a previously uploaded official ID document such as a passport.

The technology, developed by digital ID provider Yoti is part of a wider move towards digital IDs for adults and children where there are restrictions on age-related products.

The Home Office is trialling Yoti's AI facial photo checks that can estimate age and its apps at supermarket checkouts to prevent children buying alcohol. If successful, ministers will consider amending the law to allow digital age checks for alcohol sales. It is not allowed under current legislation.  About 3 million Brits have already downloaded the Yoti app.

To obtain the digital age ID app, the person has to prove identity with a document such as a passport then take a live picture to confirm. The information is stored in a government-grade database that Yoti  claims it does not have access to and which can be erased at any time by the individual. However it should be noted that similar systems used for online ID generally maintained a full database of usage supposedly for 'fraud prevention' auditing.

The digital ID card shows the verified photo of the individual and their age as over 18, 15 or 12. There is a hologram on the card that moves when the phone is tilted to prevent spoofing. However this suggests that phones will have to be handed over to cinema staff to check the hologram.

India's cybersecurity censor, the Computer Emergency Response Team (CERT-In), will require  cloud and VPN providers to register their users. Custodial wallets, exchange, virtual asset providers, cloud providers and even VPN providers will have to keep records of their customers (KYC) and records of financial transactions for five years. Service providers will maintain logs of their systems for 180 days.

This would defeat the purpose of using a VPN and creates honeypots of data that could be misused for surveillance or stolen.

CERT-In are claiming that the new requirements will improve the overall cybersecurity posture and ensure a safe and trusted internet in India.

Update: VPN Providers Threaten to Quit India

6th May 2022. See article from wired.com

VPN companies are squaring up for a fight with the Indian government over new rules designed to change how they operate in the country. On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data204and maintain it for five years or more204under a new national directive. VPN providers have two months to accede to the rules and start collecting data.

...

There's a worry other, more liberal governments will follow the Indian-Chinese model, too. Attacks on end-to-end encryption are commonplace in the UK, while the US joined India, the UK, Japan, Australia, and New Zealand in signing an international statement asking for backdoor access that would subvert encryption standards.

Read the full article from wired.com

Update: India's New VPN Policy Explained

10th May 2022. See article from beebom.com

A good write of how Indian government policies will effect the use of VPNs in India

The UK government has announced that it is funding five projects to snoop on your device content supposedly in a quest to seek out child porn. But surely these technologies will have wider usage.

The five projects are the winners of the Safety Tech Challenge Fund, which aims to encourage the tech industry to find practical solutions to combat child sexual exploitation and abuse online, without impacting people's rights to privacy and data protection in their communications.

The winners will each receive an initial £85,000 from the Fund, which is administered by the Department for Digital, Culture, Media and Sport (DCMS) and the Home Office, to help them bring their technical proposals for new digital tools and applications to combat online child abuse to the market.

Based across the UK and Europe, and in partnership with leading UK universities, the winners of the Safety Tech Challenge Fund are:

• Edinburgh-based Cyan Forensics and Crisp Thinking, in partnership with the University of Edinburgh and Internet Watch Foundation, will develop a plug-in to be integrated within encrypted social platforms. It will detect child sexual abuse material (CSAM) - by matching content against known illegal material.
• SafeToNet and Anglia Ruskin University will develop a suite of live video-moderation AI technologies that can run on any smart device to prevent the filming of nudity, violence, pornography and CSAM in real-time, as it is being produced.
• GalaxKey, based in St Albans, will work with Poole-based Image Analyser and Yoti, an age-assurance company, to develop software focusing on user privacy, detection and prevention of CSAM and predatory behavior, and age verification to detect child sexual abuse before it reaches an E2EE environment, preventing it from being uploaded and shared.
• DragonflAI, based in Edinburgh, will also work with Yoti to combine their on-device nudity AI detection technology with age assurance technologies to spot new indecent images within E2EE environments.
• T3K-Forensics are based in Austria and will work to implement their AI-based child sexual abuse detection technology on smartphones to detect newly created material, providing a toolkit that social platforms can integrate with their E2EE services.