Tinder and Grindr, two of the most popular dating apps on the planet, are under investigation by the government after law enforcement officials had investigated more than 60 cases of sexual abuse of children facilitated by online dating and 30 cases of rape of a minor who managed to use the apps despite being underage. Those were the findings of a recent Sunday Times investigation, and it led to the culture secretary Jeremy Wright telling the publication:
“I will be writing to these companies asking what measures they have in place to keep children safe from harm, including verifying their age,” he reportedly said. “If I’m not satisfied with their response, I reserve the right to take further action,” he added.
Both companies claim they use a combination of algorithms and human screening tools to ensure that children do not use their apps – but shouldn’t the companies who profit from the provision of these services shoulder the responsibility of keeping their users safe, and therefore, invest in age verification technologies or processes that actually work?
The role of the CTO in the identity verification industry
The findings from The Sunday Times are shocking, and all dating apps should take note that this isn’t just a user problem or a parental issue, this is an area they all need to rectify; at the end of the day these are children in our communities that are being targeted, and keeping them safe should be a priority.
But according to Rupert Spiegelberg, CEO of IDnow, an online identify verification service, there is no robust age verification process on Tinder, Grindr or other social media sites.
“It’s not difficult to create a profile using a stolen identity or fake date of birth because right now there is no method in place to verify that person’s age,” he says.
That has stemmed from some confusion – possibly intentional – as to whose job it is to do the verifying.
“I think most websites pose the question in a way that puts the onus of verification on the user – by asking ‘please enter your age’,” says Paul Bischoff, privacy advocate with Comparitech.
But Spiegelberg suggests that social sites, including dating apps, needed to use similar due diligence processes traditionally associated with financial transactions to prevent fraudulent activity.
Solving the problem of identity verification for millennials
In the digital world, proof of identity is becoming more challenging for the most sought after consumer – the millennial – and major financial institutions are suffering from not being able to tap into this market
Online age checks are mandated by the 2017 Digital Economy Act, and this spurred on many new companies to innovate in this space. Alastair Graham, CEO of one of these platforms, dubbed AgeChecked, says there have been advancements in two areas.
“Firstly, new methods that can verify a customer’s age without relying on personal information databases have developed. This has increased the overall reliability of verification. Secondly, new standards and technologies have increased the adoption of ‘verify once, use many times’ age checks,” he says.
However, the reliability of these technologies is in question; firstly from an accuracy standpoint, and secondly from a security and privacy perspective; if personal data such as a passport or government ID is uploaded to prove age, does the dating app then store this data, and what if, like many other organisations, it is the subject of a data breach? The consequences could be catastrophic. That’s not to mention the fact that social media sites do not have a system in pace where a person’s ID and age can be precisely verified.
Operators will become guardians of identity in the digital galaxy
Despite this, Dean Nicolls, VP of global marketing at Jumio, suggests that users should take picture of their government IDs with their smartphone, and dating apps should use identification verification companies to analyse the picture of the ID and determine if it is authentic or if it has been digitally altered. As an extra step, they should request a selfie – just in case the ID was stolen – and compare the person in the picture on the ID. They can then also extract the data of birth from the IDs.
“The entire process takes less than one minute and establishes the real identity and age of every user,” he says.
But any private information – whether it is a credit card, driver’s licence or passport – would be risky to hand over to any company, so what other technologies could organisations use?
Just last week, Yoti announced a partnership with social networking app Yubo, which would see the implementation of its ‘age scan technology’. Yoti’s CEO and co-founder Robin Tombs, says that the company uses AI and facial recognition software to verify a person’s age.
Cyber espionage: US Senators urge DHS to probe foreign VPNs over national security concerns
Two U.S. Senators have expressed concerns that federal government employees may be jeopardising the nation’s security by using Virtual Private Networks (VPNs) made by foreign companies, William Chalk takes up this tale of cyber espionage.
“This technology is based on a computing technique known as a neural network, and measures someone’s face against a database containing thousands of other age-verified faces before making an estimate about the age of the original. The software then flags suspicious accounts that might fall outside of the approved age range,” he explains.
Other ideas include using third parties which have their own identity programmes or getting the help of the other companies involved in enabling such dating apps to work.
“Experian, Equifax and TransUnion could play a role, and there are options of using AI to monitor the data or activity of minors – meaning mobile, internet and app providers all jointly take a role in mining the data to ensure nothing suspicious is taking place, and red flagging the activity,” says Richard Slater, principle consultant at Amido.
But this could lead to an invasion of privacy for users; and most worryingly of all, those minors that are trying to avoid being detected may choose to use the apps without such security on them – and those targeting the minors would do the same.
There therefore has to be some sort of government enforcement on how reliable age verification processes should be, and the extra steps necessary to ensure that children are kept safe all the time – even if these are not to do with technology.
Whitehall needs to act now before more people are hurt; this isn’t a small issue that can be dismissed – it can affect people’s lives forever.