Original URL: http://www.theregister.co.uk/2004/09/24/verisign_age_verification_token/

Now we are 8 (and this token proves it)

False sense of security for sprouts

By Thomas C Greene

Posted in Security, 24th September 2004 14:02 GMT

VeriSign announced a new USB token that verifies the ages and sexes of children using a computer, and claimed that this will make it easier for innocent sprouts to avoid online predators, Reuters reports.

"Chatroom lurkers who can't prove their age will stick out like sore thumbs as more kids adopt the tokens," the wire service explained.

The so-called i-Stik USB token will provide verification of a child's age and sex. School administrators will provide lists of students, with their dates of birth and sexes, and VeriSign will encode that information onto the i-Stick tokens.

The scheme will begin with a handful of schools for testing this Fall, and, if all goes according to plan, be extended to thousands of schools starting next Spring.

That is, assuming its glaring flaws don't become painfully evident by that time. Most obviously, the token will not verify age or sex of the person using it, but only of the person to whom it was issued. Anyone might be using it, and no doubt paedos will be scrambling to get their hands on one of their own, either through loss, theft, or bribery. Once the tokens become popular and widely available, one can expect a brisk trade in them on paedo bulletin boards.

(Naturally, the Feds will have to be supplied with plenty of these gizmos, so that they can spend their days hanging out in kids' chatrooms with better cover.)

Meanwhile, parents will be lulled further into foolish notions that an Internet-connected PC makes for an adequate electronic babysitter. The Internet is adult space, and there is no substitute for parental supervision. If this scheme does anything to produce a false sense of security among parents, then it's worse than nothing; it's actually dangerous.

One thing that the tokens will be good for is online marketing to children. Marketers will be able to get a more accurate sense of the ages and sexes of young visitors to various online venues, and target them more precisely.

It will also make for decent PR and corporate image-making for VeriSign, suggesting that the company takes the safety of children seriously. Most importantly, it will produce a nice revenue stream from a basically worthless product that school districts will purchase with tax dollars.

In all, it's a win/win gimmick and publicity stunt, so long as child safety is not a criterion for judging its success. ®

Correction In our story regarding VeriSign's i-Stik USB token for children, we said that "school districts will purchase [them] with tax dollars." VeriSign would like it known that it will pay for the pilot programme, and that online child protection outfit i-SAFE America will fund expansion with federal grant money and private donations. Thus we should have said that the scheme, if it should succeed, will eventually need additional public funds, which might or might not come from school district budgets.

Thomas C Greene is the author of Computer Security for the Home and Small Office, a comprehensive guide to system hardening, malware protection, online anonymity, encryption, and data hygiene for Windows and Linux.

Related story

RSA cosies up to AOL as VeriSign enters token market