<http://www.theregister.co.uk/2004/09/24/verisign_age_verification_token/print.html> The Register Biting the hand that feeds IT The Register » Security » Identity » Original URL: http://www.theregister.co.uk/2004/09/24/verisign_age_verification_token/ Now we are 8 (and this token proves it) By Thomas C Greene (thomas.greene at theregister.co.uk) Published Friday 24th September 2004 14:02 GMT VeriSign announced a new USB token that verifies the ages and sexes of children using a computer, and claimed that this will make it easier for innocent sprouts to avoid online predators, Reuters reports. "Chatroom lurkers who can't prove their age will stick out like sore thumbs as more kids adopt the tokens," the wire service explained. The so-called i-Stik USB token will provide verification of a child's age and sex. School administrators will provide lists of students, with their dates of birth and sexes, and VeriSign will encode that information onto the i-Stick tokens. The scheme will begin with a handful of schools for testing this Fall, and, if all goes according to plan, be extended to thousands of schools starting next Spring. That is, assuming its glaring flaws don't become painfully evident by that time. Most obviously, the token will not verify age or sex of the person using it, but only of the person to whom it was issued. Anyone might be using it, and no doubt paedos will be scrambling to get their hands on one of their own, either through loss, theft, or bribery. Once the tokens become popular and widely available, one can expect a brisk trade in them on paedo bulletin boards. (Naturally, the Feds will have to be supplied with plenty of these gizmos, so that they can spend their days hanging out in kids' chatrooms with better cover.) Meanwhile, parents will be lulled further into foolish notions that an Internet-connected PC makes for an adequate electronic babysitter. The Internet is adult space, and there is no substitute for parental supervision. If this scheme does anything to produce a false sense of security among parents, then it's worse than nothing; it's actually dangerous. One thing that the tokens will be good for is online marketing to children. Marketers will be able to get a more accurate sense of the ages and sexes of young visitors to various online venues, and target them more precisely. It will also make for decent PR and corporate image-making for VeriSign, suggesting that the company takes the safety of children seriously. Most importantly, it will produce a nice revenue stream from a basically worthless product that school districts will purchase with tax dollars. In all, it's a win/win gimmick and publicity stunt, so long as child safety is not a criterion for judging its success. ® Thomas C Greene is the author of Computer Security for the Home and Small Office (http://basicsec.org), a comprehensive guide to system hardening, malware protection, online anonymity, encryption, and data hygiene for Windows and Linux. -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com