Verisign Develops Token for Age Verification

FirstTimeCaller writes "A Reuters article is reporting that Verisign in conjunction with an unnamed children's safety group, will release a USB token that can be plugged into a PC to verify the age and gender of a person participating in online chat rooms. According to the article, the token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."

Credit card ?

[mirko]

In most countries, credit card authentication was used to ensure one had reached the legal age...
In which situations wasn't it enough, besides the goatse ?

Re:Credit card ?

[Paleomacus]

Well when I was 15(in 1996) I was able to get a debit card that could be used for 'adult' verification. Doesn't seem like a very good system to me.

Re:Credit card ?

[acceleriter]

This is about making sure you're a kid, not that you're an adult. The theory is that it'll keep the pedophiles, who won't have the "I'm a kid" token, out of the elementary school "chat rooms."

Besides the "problem" of pedophiles in "chat rooms" being completely overblown, this is probably just the precursor of some sort of infrastructure to eliminate anonymous browsing. And who wouldn't like a piece of selling a token for $20/year to anyone who wants to get any information from the Internet in 10 years?

Re:Credit card ?

[ninthwave]

And what kid wouldn't trade there cheap token for a chat room that they see as stupid to some grimy adult for something else?

Re:Credit card ?

[jmcmunn]

Yeah, because we all know that none of the pedophiles out there have kids of their own who might leave this key plugged in, or laying on the desk for dad/mom to use?

This is dumb, this does about as much good as the pages before porn sites telling people to not enter if they are not 18. Big deal, a USB key that tells someone I am young. It'll be 2 days maximum until some geek gets ahold of one and then you can buy them online for $25 +S/H.

Re:Credit card ?

[acceleriter]

I agree it's a dumb idea--but I think it's really a segue into some companies requiring these tokens for everyone who wants to do business with them. The Federal government, for example, has been trying to figure out for years a practial way to give each citizen a public key to be able to, for example, apply for Social Security benefits or file a FEMA claim online. But since the easiest place to put a public key, a National ID card, spawns (rightfully) mention of the Book of Revelation happens every time it's mentioned, USB keys could be an alternative.

Re:Credit card ?

[oolon]

I recon a pedophile would be able to buy a token off a kid of a small ammount of money, if you were 12 and someone offered you 200 bucks for a silly bit of plastic someone gave you... I think there would be many takers.

The problem with all these ID shemes is aways tying the token to the right person until computers have mandated biometic id readers this is never going to work with remote computers.

Personally I think the best solution if for parents to take an interest in what their children are up to rather than seeing the internet as a why to keep them quiet. Someone will aways slip though the net, the best way for children to be kept safe is education, they need to know people lie, cheat, steal, and there are bad people in the world who would not think twice about killing someone else.

James

Re:Credit card ?

[russint]

Well, I can't get a credit card at all (20 years old) due to bad credit.

Not a very good system.

Re:Credit card ?

[clifyt]

And now they are giving these things to much younger kids. Its a good way of giving allowance to kids without giving them cash that the bigger kids can steal -- or if they loose it, it can be canceled and the money protected....err...in theory because debits don't carry the same protection credit cards do, but most banks will try to give you close to the same.

Beyond that, when I run a credit card, my business doesn't get to know if its a debit card or not. When I'm on the road, I use my business's debit card that doesn't look anything like the cheesy consumer debits that go out of their way to let the person swiping it know its not a real credit card regardless of the visa logo. For instance, while in North Carolina a few weeks ago, I handed over my personal debit card to rent a car -- rejected. I then give then the business one, accepted -- same bank -- same type of card -- different look.

I'm convinced that the card companies don't tell anyone if its debit or credit and they have just compiled lists of acceptable CC Prefixes.

So no, having a credit card these days means nothing because of as the parent indicated -- debit cards are everywhere and anyone can get them.

Re:Credit card ?

[Zeinfeld]

In most countries, credit card authentication was used to ensure one had reached the legal age... In which situations wasn't it enough, besides the goatse ?

The point of the token is to prove that you are a minor and thus should be allowed into kids only chat rooms.

The idea of the experiment is to see if the scheme is effective in keeping pedophiles and stalkers out.

Re:Credit card ?

[Maestro4k]

• This is about making sure you're a kid, not that you're an adult. The theory is that it'll keep the pedophiles, who won't have the "I'm a kid" token, out of the elementary school "chat rooms."

Of course there's not much to stop a smart pedophile (or pedophiles) from finding a way to create their own tokens (what age do you want to be today?) or just stealing them. The article makes it sound like the tokens may contain the kid's names, age and gender, not just age. I'm sure the pedophiles who are on the chat rooms will appreciate knowing that it's really a kid instead of a police officer on the other end.

Another thought: if they do uniquely identify each kid losing one could open up realms of bullying that are scary. Imagine being able to "prove" you're another kid. Then you go online and tell off all their friends, make lots of enemies, etc. until the lost token's reported and a new one isssued. Poor kid gets back online and faces all his/her online friends refusing to talk to him and complete strangers cussing them out for something they didn't do. Brilliant system.

• Besides the "problem" of pedophiles in "chat rooms" being completely overblown, this is probably just the precursor of some sort of infrastructure to eliminate anonymous browsing. And who wouldn't like a piece of selling a token for $20/year to anyone who wants to get any information from the Internet in 10 years?

Either that or it's an FBI dream that they'll be able to tell who's really kids online (and of course be able to obtain fake tokens to use when trolling the chat rooms for pedophiles). Personally I agree with you on it being overblown, I suspect the majority of "kids" online talking to "pedophiles" are law enforcement and vigilantes trying to set each other up, neither realizing the other party's not who they think they are.

Re:Credit card ?

[RWerp]

Besides the "problem" of pedophiles in "chat rooms" being completely overblown

You're right. Most pedophiles attack children they know: their own, their family's children or their neighours.

Re:Credit card ?

[halowolf]

Doesn't seem like a very good system to me.

As these hapless victims could attest. You sir would be right.

Re:Credit card ?

[Alranor]

And for those of you across the pond with no idea what he's talking about, it's a misquote from an episode of Brass Eye, in which Chris Morris demonstrates exceedingly well that people are more than willing to suspend their higher brain functions when someone mentions "Please, won't someone think of the children"

from the transcript of that episode.

SYD RAPSON (MP Labour) : We believe that paedophiles are using an area of the internet the size of Ireland and through this they can control keyboards.

RICHARD BLACKWOOD (comedian/musician) : Online paedophiles can actually make your keyboard release toxic vapours that make you suggestible. (sniffs keyboard) You know I must say I actually feel more suggestible and that's just from one sniff.

Re:Credit card ?

[Lumpy]

The theory is that it'll keep the pedophiles, who won't have the "I'm a kid" token, out of the elementary school "chat rooms."

it will take exactly 3 seconds for these toatart appearing on the black market and sold to those sicko's.

as for the "pedophile problem in chat rooms" being overblown... My daughter hang's on a couple of websites/chatrooms that are pure kid, and LITTLE kid related. while sitting there with her i nthe chat forum a sick-asshat that was asking her age, started asking her if she knew what a blow-job was, and asking other questions that made it obvious he was an adult.

This is on the fricking NeoPets website. a site geared for little kids about a little kids toy.

sorry, it is a big problem and most parents do not monitor their child's net access closely which makes it an even BIGGER problem.

when I have to explain to her that posing a photo of herself on the net for her friends to see is a really bad idea, things are certianly not "overblown".

Re:Credit card ?

[SwissCheese]

A credit card is a short-term interest free loan assuming you pay it off at the end of the month. You get the bill and pay if off if the charges look correct.

A debit card is linked directly to your checking account. As soon as the card is swiped, the funds are already being transferred out of your account.

It's still a debate in my household as to which is the preferred one to use.

Re:Credit card ?

[FrankHaynes]

Ask anyone who actually knows the facts about this hot-button topic and you will learn that the huge majority of offenders are known to the child, typically a family member. They are not meeting each other online in the first place.

Yes, this evil, murky boogey man lurking around every chat room corner is overblown. But, because it makes parents' blood boil the law makers and authorities can get away with murder by bringing it up.

And of course we know that these keys cannot be spoofed or duplicated. Verisign says so.

Another poorly thought-out technical solution to a Human problem.

Re:Credit card ?

[jadenyk]

So someone with bad credit shouldn't be considered an adult? That's pretty bad.

Also, what about people that don't feel comfortable giving out their credit card information for age verification purposes? I don't want my credit card information all over the web.

Re:Credit card ?

[BenEnglishAtHome]

How is it overblown are there only a few dozen kids abducted / molested a year instead of hundreds so it is no big deal?

Exactly.

Freedom has a price. The freedom to travel freely, however you want to, means that a few thousand people a year will die in car accidents. The freedom to speak your mind means that somewhere, sometime, some folks are going to abuse that freedom and incite a riot during which people die. The freedom to keep and bear arms means that some people will be wrongfully shot.

You can't have the good without the bad.

So, yeah, it's not exactly no big deal that only a few dozen kids get hurt a year, but that's certainly nowhere near enough justification to sanction any mechanism that may be even a precursor (as has been pointed out in other postings) to restraining the electronic means of exercising our right to freedom of speech and association.

Re:Credit card ?

[mikemulvaney]

This is dumb, this does about as much good as the pages before porn sites telling people to not enter if they are not 18.

Those pages are actually good for something. If you hit one and don't want to see the porn, you can go somewhere else. This is a good thing for people who aren't actually looking for porn.

Yesterday, when I was at work, I was trying to do some quick research about a grill I wanted to buy. I went to google and accidentally searched for 'girlls', which led to some interesting hits. I didn't visit any of those sites, and did a search for 'grills' instead. A few minutes later, I hit 'back' one time to many, and through some unknown sequence of keys, I either submitted a "I'm feeling lucky" or selected that first hit, and my monitor was filled with pictures of black-teens-ebony-sex. Luckily no one can see my monitor in my office, but still.

Re:Credit card ?

[dgatwood]

Actually, yeah. Being an adult is about responsibility. If you can't figure out that you shouldn't spend more money than you make, you are behaving irresponsibly, indicating an inability to associate your actions with their consequences. That is a good psychological definition of childhood.

When people with bad credit grow up psychologically and find help to get out of debt, that's when you should start treating them as adults, and not a moment before. There are plenty of organizations to help people in those situations. All they have to do is pick up the phone and take responsibility. It's a long, slow process back to fiscal solvency, but going through it proves responsibility and maturity in a way that bankruptcy and other cheap fixes don't.

By contrast, if a fifteen-year-old (as mentioned in another post in this thread) is responsible enough to manage his/her own finances without overspending, he/she should be treated as an adult because he/she is acting in a responsible fashion befitting an adult. (The rare occasion is the fifteen-year-old son or daughter of a multi-millionaire who spends without remorse, but fortunately, these are pretty easy to spot for the most part. :-)

In short, age verification by credit card is a much better method than actual physical age because it more accurately reflects the maturity of the individual, which is generally the purpose of an age verification system....

Oh my. I'm starting to sound like my parents....

Re:Credit card ?

[jadenyk]

So you're saying that over 1/2 of [legally] adult Americans who are in debt (I couldn't find stats for other countries, not that I looked hard) aren't adults?

There's more to life, the universe and everything than money. Money doesn't make a person. Every day, people fall on financial hardships and sometimes need to over-extend themselves just to get by. Especially in this economy (though, yes, it is getting better).

Responsibility should be judged on many different things than how much money one has. How about how they treat others or how they conduct themselves? Does the neighborhood crack-head who lives off of welfare and hand-outs but happens to be in great financial shape since he has little to no bills deserve to be called an "adult" over the guy who works his 9-5, stays clean and sober, drives the speed limit and goes to church every Sunday, but since he got laid off and works at BK for minimum wage, his bills have been late?

Re:Credit card ?

[Alsee]

[Some think National ID == Number of the Beast]
No no no, the Number of the Beast is always the same, while National ID numbers should all be unique. The NotB essentially *destroys* identity and makes the bearer an interchangeable unit of someone else's property. The two concepts are antithetical.

I don't believe Revelation, but amusingly I've figured that this sort of system (and Trusted Computing) actually DOES fall in exactly in line with this Number of the Beast thing. Nor are the concepts are antithetical. It can in fact give everyone a unique identity number and simultaneously make the bearer anonymous and interchangeable. There is no need to reveal your identity (or your identity number) when you can anonymously proove that you are properly enslaved by the mark and by the master number

In particular note the distinction between the Mark of the Beast (MotB) and the Number of the Beast (NotB).

The NotB would be the private key of the root public/private keypair. MotBs (plural) would be cryptographic signatures made using that number. The NotB would be cryptographically hidden within each MotB. You can't see it, but it's there.

Obviously no one would ever accept the MotB if they knew/could see the NotB, now would they? However the root private key will be kept secret. In fact it will most certainly be generated inside microchip, unseen by human eyes. We could develop an entire economy and an entire society on top of this number, with no human eyes ever having seen it. The number could be 666 consecutive ones, and no human would even know. This number would be cryptographically hidden inside the root public key and it would be invisibly stamped within every signature (Mark).

Note the reference to being wise and insightful enough to calculate the NotB - exactly in line with public key cryptography! According to the best known methods of all known mathematics, attempting to calculate the number would require over 10,000 years even using every computer on earth. Of course it's always possible that some wise mathemetician will have a new insight - a mathematical insight into factoring. An insight which would let him quickly and easily calculate that number. It is also sobering to consider that those in power could very well go to extremes to surpress that insight and prevent that number from actually being calculated - for to do so would result in a total collapse of the Trusted Computing system and any economy/society built upon it.

And the entire point of the Trusted Computing mark is to make interchangeable units, all effectively property of the holder of the root key. Each time you buy or sell anything, the system generates a completely random number and stamps it with your mark which has been stamped by the master number. Whoever you are doing business with can authenticate this random number has indeed been indirectly stamped the master number, and without revealing your identity. He then knows that you are approved and controlled by the master number, else you would have been unable to properly stamp that random number. You are an an anonymous (interchangeable) person bound by the rules of the Mark.

And where is the MotB to be? Your right hand / forehead. Well, your Trusted Computing device bearking the Mark will figuratively BE your right hand. It will carry out tasks/work for you. It will do your buying and your selling, it will manage all of your finances and your communications and your records and your files for you. However such a device will also figuratively be your forehead. It does calculations for you, it remembers things for you, it will "think" for you.

Those who refuse the MotB are to be beheaded. I doubt people would literally be beheadded for refusing the control (mark) of Trusted Computing, however it could easily be described as a figurative beheadding. Such a person would not only be barred from money transactions, they would be barred from the internet itself. And realize that the internet is rapidly devouring everything, even telephones are moving to VoIP.

-

If it's just to verify "age and gender" . . .

[acceleriter]

. . . why is there a "list of students" involved? And seriously, do they not know these tokens are lent? Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

Re:If it's just to verify "age and gender" . . .

[Zeinfeld]

. . why is there a "list of students" involved? And seriously, do they not know these tokens are lent? Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

Security is risk management, not risk elimination.

The point of an experiment is to see how significant these issues actually are.

Sharing the token is a bad idea since it will also be used to authenticate to the school web site. If a kid looses the token and has it re-issued then the original is cancelled.

Re:If it's just to verify "age and gender" . . .

[MemRaven]

Really? It seems like an ideal way to pose in a "safe" chat room. You just borrow/steal/abscond-with/buy the token from someone who matches the profile that you want to emulate (i.e. you steal it from your 6 year old neice, or just take it when she's not looking and replace it before she can misplace it).

If we've learned nothing else from social attacks, it's that a misplaced sense of security can actually be worse than a lack of security at all. If you think that authentication is working, you're less on your guard (and more trusting) that you would be if you thought that it definitely wasn't working. If the system is that easy to foul up, it's thus worse than no authentication at all.

Now if it was 2 or 3 factor authentication (i.e. in order for the token to work you have to do a fingerprint and PIN check) then it's a different story. If it's just a dongle, it's pretty worthless.

Re:If it's just to verify "age and gender" . . .

[zoeblade]

Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

More than likely, it's both.

Re:If it's just to verify "age and gender" . . .

[aonaran]

The point I was trying to make (I realize it didn't come across very clearly) is that they are doing this all wrong. They should only have to provide a count of how many keys of each type they need and V provides them with X keys for 6 yearold males, etc. But it sounds more like they are taking the other approach and using a key with a unique id that links to a database of name age and gender.

The former would do what they seem to want without giving out unnecessary amounts of data to verisign, but the latter is VERY dangerous indeed.

What's to stop this unique ID from being used to collect all kinds of data on the children? who controlls the servers that do the authentication? if it's the school it's not so big a deal if it's some other org (especially Verisign) I'd be very wary of it's use.

Re:If it's just to verify "age and gender" . . .

[Safety+Cap]

And when you molest/murder the other young girl you were hoping to chat to, the authorites have somewhere to start looking - they know the online identities of the people the girl was chatting to, and start looking into them...

...only to discover that the token you used was stolen from some kid 6 months ago in another state and sold on the black market...

Great...

[cassidyc]

Now instead of just faking up my ID, I can steal someone elses. All it takes is enough drink and the right students.

Still this security thing is jsut a laugh really isn`t it?

sigh.....

CJC

Re:Great...

[animaal]

"...All it takes is enough drink and the right students..."

Ah, the good old days of student dating...

Right...

[The+One+KEA]

Who's going to run the betting pool on how many minutes it takes someone to crack the keys and modify the information?

Better yet, how many kids will lose their tokens?

Not to mention the possibility of the breaching of the privacy of minors.

On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.

Re:Right...

[jrod2027]

Or how about how long will it take for some pedeophile to get ahold of one of these tokens?
Instead of relying on children to take their word of how old they claim to be, the kids could be fooled by a false sense of security with these IDs.

Peodophile: I'm an 11 y/o kid honest... see my Verisign token proves it.
Kid: Wow, you're right. Want to go hang out?

Re:Right...

[Maestro4k]

• Better yet, how many kids will lose their tokens?

Not at the same time of course, but I'd bet at least 50%. I work for a school system and just yesterday we had about 8 kids get on the wrong buses and another 5 or so who were new bus riders and didn't know where they lived exactly. If they can't remember things as important as which bus they ride and house they live in we certainly can't expect them to keep track of a small USB token.

• Not to mention the possibility of the breaching of the privacy of minors.

That's the first thing I thought of myself. I work with the bus routing software and when I need to send copies of my databases to the company who makes it to debug a problem I have to make a copy and go through and change all the names to John Doe. I also can't send the whole file since the addresses can't be masked for debugging purposes. How sending an entire list of your kids with names, age and gender to Verisign can be legal is beyond me. AFAIK that would require signed consent from every single parent/guardian for every kid.

• On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.

Well there's the beauty of it from Verisign's standpoint. They don't have to worry about the execution, they just provide the tokens and authorization servers. The school systems get to sort out the mess from lost/stolen keys and what not. It'll just end up overwhelming the poor staff with more paperwork and problems than they already have to deal with.

Re:Right...

[Delirium+Tremens]

Who's going to run the betting pool on how many minutes it takes someone to crack the keys and modify the information?

Please go ahead. Here is their public key:

30 82 01 0a 02 82 01 01 00 dd 84 d4 b9 b4 f9 a7
d8 f3 04 78 9c de 3d dc 6c 13 16 d9 7a dd 24 51
66 c0 c7 26 59 0d ac 06 08 c2 94 d1 33 1f f0 83
35 1f 6e 1b c8 de aa 6e 15 4e 54 27 ef c4 6d 1a
ec 0b e3 0e f0 44 a5 57 c7 40 58 1e a3 47 1f 71
ec 60 f6 6d 94 c8 18 39 ed fe 42 18 56 df e4 4c
49 10 78 4e 01 76 35 63 12 36 dd 66 bc 01 04 36
a3 55 68 d5 a2 36 09 ac ab 21 26 54 06 ad 3f ca
14 e0 ac ca ad 06 1d 95 e2 f8 9d f1 e0 60 ff c2
7f 75 2b 4c cc da fe 87 99 21 ea ba fe 3e 54 d7
d2 59 78 db 3c 6e cf a0 13 00 1a b8 27 a1 e4 be
67 96 ca a0 c5 b3 9c dd c9 75 9e eb 30 9a 5f a3
cd d9 ae 78 19 3f 23 e9 5c db 29 bd ad 55 c8 1b
54 8c 63 f6 e8 a6 ea c7 37 12 5c a3 29 1e 02 d9
db 1f 3b b4 d7 0f 56 47 81 15 04 4a af 83 27 d1
c5 58 88 c1 dd f6 aa a7 a3 18 da 68 aa 6d 11 51
e1 bf 65 6b 9f 96 76 d1 3d 02 03 01 00 01

Since I am a nice guy, I'll give you the first two hints to get you started. They use RSA. And their key length is 2048.
Now, you can try to brute-force RSA to find their private key...

See you back when Quantum Computers are sold at Wallmart :)

So now the Child Stalkers can...

[KyootFox]

Just check the online ID before persuing the child??

That's gonna cut into the FBI's stake-outs, isn't it?

Re:So now the Child Stalkers can...

[Maestro4k]

• Just check the online ID before persuing the child??

  That's gonna cut into the FBI's stake-outs, isn't it?

Doubt it, they'll most likely be able to get fake tokens to use online. The main problem may be that they'll need multiple tokens as they can't be the same "child" constantly as their cover might be blown from time to time (after busts for instance).

Other than that it probably won't matter, if you read the details of the busts the police do make from online contacts the guys were total morons to start with. They didn't arrest some horrid child predator, they arrest some moron who likes kids but isn't bright enough to be successful at it. I'm quite sure the real dangers are far sneakier, after all they know the feds are watching the chat rooms too. Additionally the statistics show that most kids are sexually abused by someone they know, generally family, so online predation isn't what the cops really need to worry about, it's just a way to make it appear they're doing something about the problem.

Can't work won't work

[klubkid79]

And what is stopping a dubious individual from borrowing one of these tokens?

Sending it to colleges?

[P-Frank]

Excellent! I figure by about noon tomorrow I'll download a patch that "officially" makes me a 16 year old girl.

Re:Sending it to colleges?

[Talthane]

I figure by about noon tomorrow I'll download a patch that "officially" makes me a 16 year old girl.

Well, everyone needs a hobby.

Man, a 13 year old could make a big profit

[scythian]

Selling his or her token to some freak on ebay!

Just what little tommy needs!

[palad1]

A personal x509.3 certificate and a crypto key.

So when he's 21 he won't complain when the barcode on his forearm will be used to 'strenghten e-vote security'.

Train them while they are still young, the older they get, the harder for you to teach them new tricks...

Oh, wait, this only works with pkcs#11-enabled chat applications? I guess IRC will have to be outlawed then. You don't want untagged pedophile commies subverting little Tommy on IRC now, do you?

Re:Oh noes!

Baby, before I put my hot love stick into you, please insert your USB stick into my PocketPC for age verification.

~~~

Dumbest Idea Ever

[LaNMaN2000]

This is the dumbest idea in the history of mankind: verifyably identifying children as such on the Internet. Unless, of course, they are trying to help pedophiles find targets that they *know* are too young to be FBI agents.

Re:Dumbest Idea Ever

[maxwell+demon]

I guess FBI agents can get tokens for any age/gender they want.

My rights as an anonymous online individual

[mr.+mulder]

So, not only are students going to be forced to carry yet another form of ID, but they'll also have to give a third-party company (Verisign in this case) detailed personal information.

What about student's rights - they have the right to enter chat rooms, etc.

I can envision the next step - restricting web sites based upon age, then it will be restricting web pages based upon being a student, finally, just restricting overall.

Luckily, we won't have to worry about this being a wide-spread problem - the system is too flawed to go very far; however, I feel for those that WILL be made to use it.

Bottom line is that NOBODY should HAVE to use this system - somehow it should infringe upon their right to freedom of assembly. Albeit, a *virtual* assembly, it's an assembly!

Am I missing something, or is this lame?

[dpbsmith]

Unless the article is leaving out some, dare I say key piece of information... in about a week, students will have figured out that the computer doesn't know whether the USB token belongs to the person who inserts it or not.

In about two weeks, they will be borrowing them from older siblings.

In about three weeks, there will be a brisk trade in USB tokens issued to older students who have no interest in the school-approved content that is actually linked to the key, but great interest in money.

In about three months, forged adult-ID USB token will be for sale on eBay.

Even a plain old ID card has a signature and a photo on it, so someone can see whether it matches the holder of the card or not. But these anonymous bits of colored plastic are just an invitation to abuse.

In a corporate setting, I suppose you've signed something that says you're responsible for all use made of the token, and you would be suspiciously unable to do your job if you loaned it to someone else... and subject to dismissal if someone finds out. I don't see how that can be applied in a school context.

Unless they were planning to Superglue the token to the kid?

Re:Am I missing something, or is this lame?

[erikharrison]

Ha!

It's more like those kids who are already on the internet will continue using open environments (AOL chatrooms, IRC, message boards) where the token is useless, and those who aren't web savvy will loose the damn thing.

The way to make these used is to make kids want to use them - for example, providing places where kids feel more secure or comfortable with some guarentee of the identity of their co-chatters. On the other hand, we're just lulling those kids into a false sense of security for many of the reasons you list above, regardless of whether or not what you mention comes to pass, but because it teaches them to trust weak technology without thinking.

Re:Oh noes!

[Tony+Hoyle]

But "She had a token proving she was 18" is very probably a valid defence....

www.isafe.org

[way2trivial]

see their site... they are the makers of the device

Doesn't this violate

[I_am_Rambi]

some type of law? I would want that information to be authenticated that way. If I remember right, parents will have to consent to it first if it is a public school.

What are the students doing in chat rooms during school anyway? Seems that Verisign just wants another way to make money.

And you know it'll never be cracked because...

[eric_brissette]

... it's all encrypted on a Lexar JumpDrive

Gender?

[LordK2002]

What on Earth has gender got to do with child safety?

Clearly in some cases it might be necessary or desirable to prove your age, but unless the chatroom is supposed to be an online matchmaking service I fail to see what the presence of a Y chromosome has to do with anything.

Re:Gender?

[grahamm]

Maybe some areas might be gender specific. For example girls might find it easier to discuss things like the the changes to their bodies which happen at puberty if there are only other females present. The tokens could be used to only allows girls of the appropriate age (plus specific vetted adult female advisors) in the chatroom.

Re:Gender?

[figa]

How are advertisers going to narrowcast effectively if they don't know the gender of the kid? These keys are going to be a boon to target marketers. They'll be able to get the age, gender, school district, and past browsing history easily, and with a little cross-referencing, ethnicity and family income.

Foucault would probably point out that technologies of control have always been inflicted on children first, always for their safety and well being. Verisign's obvious goal in this is to breed a generation of Internet users that are accustomed to using an ID with a computer. While this generation comes of age, Verisign will probably partner with Microsoft and legislators to make Verisign-issued IDs mandatory start a computer, first for children, then for the rest of us. It's not that far-fetched, and it ties in well with DRM.

As for girls (or boys, for that matter) discussing their private lives online, a less cynical and profit/control motivated educator would explain that you just don't discuss those things online. Kids should understand that they are publishing when they're writing in a chat room, whether it's run by the school or Mattel, and anything you say can be stored, copied, and republished outside of the context you wrote it in. These keys would obviously not keep a malicious child from copying sensitive text from a gender "locked" discussion board, complete with IDs, and text messaging it to the rest of the class.

Re:Gender?

[jandrese]

Better yet, they shouldn't talk about that at all. I mean it's just gross, right? I don't know what all of those special interest chat groups (not cybersex people, cmon!) are for. I mean isn't this the sort of thing that is never spoken of? If people start getting too much information they might get ideas, and ideas aren't good for keeping people in line.

One of the biggest strengths of the internet is the ability to discuss issues anonymously that you may be too embarrassed to discuss with your friends and family--friends and family who would be of no help anyway since they know just as much as you.

Re:Gender?

[julesh]

One of the biggest strengths of the internet is the ability to discuss issues anonymously

So let me get this straight -- these kids are having to prove their identity in order to be able to discuss stuff anonymously. That makes sense.

EBAY!

[Lifix]

Gosh. If I was a student, I would be snatching these things up like gold, then pawning them on ebay to teh pedofiles.

This only adds a false sence of security, without biometric identification on these usb things, anyone can become a 16 year old male. Lets go chat up NAMBLA and ask them what they think!

Dangerous

[mrph]

The situation could get dangerous if people start relying too much on these things.
Once someone figures out how to crack it, he or she would be able to fool everyone who believes that the system is reliable.
Today most people are sceptical to people online, with this system it could actually get really easy for the scumbags to convince someone of their (fake) age.

eeeeewwwwwww

Creeper! When I saw u on #funtalk teh other nite, u were all like a/s/l? And I was all liek no. u a/s/l first! and u were all like 16 and thwen we cybered.

Now ur saying studnt dating is the good ol days? ur not 16! Gross!

Changing the world

[AdamHaun]

So every chatroom in existence has to be rewritten in order to use the token scheme? Why would anyone go to the trouble of doing this? If schools want safe chatrooms, why don't they just set up their own network and do the authentication themselves? Expecting the whole world to change to support your authentication scheme seems a little farfetched.

Of course they give it away to the kids, its value

[CFD339]

is to adults. You can't prove you are an adult and thus entitled to something more by NOT having one of these.

The goal to Verisign is obvious -- once they are widespread, you try to get first libraries and then other places to require the use of the "KEY" to use the system to prove your age. As an adult, you'd "need" one, and thus have to pay for it.

Also, its a good first step toward a "universal" (as if) public key. Ideally, imagine something like the Post Office being able to assign a public/private key to you. That's what everyone wanted with these keychain java keyring things talked about in the 90's.

Personally, I hate seeing verisign being given this contract, but I'm not sure someone shouldn't have it.

I'd like to see a U.N. sponsored standard, with countries and or businesses able to register as registrars. The SSL key distribution system we have now works pretty well (if overly expensive).

At a minimum, that same system applied to people as apposed to web server names would go a long way.

Yes, I know all the usual issues apply -- how do you prove its YOU with the key, etc. Lots of discussion on that (which is off topic) and other things. Privacy? What about additional private certificate keys? Well, why not all those things.

Personal ID should have a data component for public key.

So perverts now have a legitimate reason to ask..

[Zog+The+Undeniable]

"Let me see your dongle."

Re:Get lost Veribad.

[goldspider]

Use of Tired Cliches: Check!
Arrogance: Check!
Rightious Indignity: Check!
Teen Angst: Check!
Hip-Sounding Paranoia: Check!
Rebellion Against "The Man": Check!

Thank you for verifying your age. You are indeed a teenager as you claim.

-Verisign

Re:Nothing is perfect!

[Paleomacus]

We're not looking for flawless. It just seems that this system is completely broken.

It's really not better than nothing at all. The illusion of safety can be more dangerous than being wary of threat.

Re:Nothing is perfect!

[jackb_guppy]

This is NOT a step in protecting anything.

1) For a child to be protected, they MUST have the fob.

2) They must use it on presribed machines with the right software.

3) Some big brother is watching out for them.

What this really is a step to personally "brand" everyone. Just like RFID in clothes or under the skin or the tatoos of Germany.

Further you can only be "safe", if you are willing to "pay" for it, including tracking every one of your habits on net.

COPPA anyone?

[YrWrstNtmr]

Children's Online Privacy protection Act of 1998

It's not the school administrators information to give away. This information must go through the parent.

There's already a device that protects children.

[Jack_Frost]

I think they're called "Parents."

Re:Nothing is perfect!

[bitslinger_42]

Time and time again, we've seen that having no security and knowing it is better than having bad security and not knowing its bad (Maginot Line, anyone?) Most parents who will have their kids participate in this will think "Johnny's got the token, he's completely safe on the Internet" and ignore their kids behavior even more.

Off the top of my head, a better solution would be to use the BMW-type car keys (the ones with the chips in them) and have the computer hardware require the presence of the key to be on (or have internet access, or whatever). That way, at least one parent must have approved of the usage and be physically present for the kids to use the Internet.

A large portion of the problem with protecting children is the parent's responsibility, not the government's, not the school's, and certainly not Verisign's. If the parent's aren't going to monitor their kids and do their due dilligence to make sure the kids are in safe places, then all the tokens/bar codes/subdermal chips in the world won't make a difference.

it's a start

[chegosaurus]

So now I know the girl I'm talking to is genuinely 16. Now all I need is a token that proves she's genuinely hot.

mod parent up!

[zanderredux]

as an AC noted,

I'd mod you up if I had mod points. This is the crux of the entire issue. Most people just don't realise it yet.

Re:Rule #1

[Taladar]

noncounterproductive

You mean "productive"?

Translated story

[w3weasel]

Verisign announced today that it would begin a program to create the youngest group of hackers ever.

OK, I'll wear the hat...

[zogger]

... the one made out of shiny flexible metal.

This is just another example of conditioning the younger generation. Get them used to big brotherism and total surveillence/command & control. Goes along with acceptance of constant TV camera monitoring, using a thumb scanner to get a school lunch (how pavlovian can you get?) and other sorts of brainwashed response mechanisms.

We've already got the adult population conditioned to accept things that would have caused lynch mobs 100 years ago, like "random courtesy checkpoints" on the roads.

To the goons, the elite controllers, it's just part of the system, they want willing sheep, controllable herds, and the younger they get them brainwashed the better, then it's "acceptable and normal".

Hey, here's an idea! Why don't we drug the kids in the schools as well? Then we can make them even MORE controllable!

Oh ya, they do that too. Funny how all that stuff ties together.

Dislike this approach

[whovian]

1. The burden would be on children to get an ID. It suggests the children are to blame, when it's the pedophiles who are at fault and should be prosecuted.

2. In the extreme, isn't this a step in the direction of corporate or even government controlled access? It could limit who, when, and where content can be accessed -- if at all.

In lieu of a credit card, here's how it works

[192939495969798999]

The device drills a hole in the kid's head and counts the rings. TGIF!

Re:Rule #1

[Bastian]

Yes.

In the same way that non-negative means >0.

Who says Verisign thinks it's easy?

[raehl]

Who says Verisign even thinks it's possible?

Verisign doesn't care. They just need to convince people that these USB keys somehow protect their children. It doesn't matter if it ACTUALLY works, just that people BELEIVE that it works. In fact, it's probably better for verisign if it doesn't work, as it's less work for them.

The goal isn't to protect children, the goal is to get $20/year from every kid who accesses the internet. Neat trick.

Credit vs. Debit

[SeanDuggan]

Well, the main advantages of debit cards are that that you can use them in ATMs to get cash without incurring 14% fees on the transaction (similarly, many grocery stores let you get back money on a transaction if you tell them you're using a debit card, a way of avoiding service fees sometimes if the local ATMs don't interface with your bank) and theoretically, you're limitted to what's already in your bank account (I think they allow some degree of overdraft and if you've got an associated savings account, they may automatically draft money between accounts to cover overdraft). And, like most posters have said, you can use them just like a credit card in almost all situations.
Advantage of credit cards is that a) you can exceed your available money (although I don't reccomend this, as the interest rates approach loan shark proportions) b) Because there's an extra buffer between you and your bank accounts, there's a fair amount of theft protection built in. You're only liable for $X of a stolen credit card, usually about $50, assuming you report it promptly. Debit cards, well, you may have a bit more trouble getting the money back from your bank. c) Using a credit card improves your credit rating. This is why I pay for everything by credit card, then pay off my bill in full every billing cycle. As a result, I've built a solid record as someone who makes use of credit and is also reliable. *shrug* It can make a big difference when it comes time for you to purchase your first car or house.

At the end of the day, I tend to carry my Discover card for credit (cash back is miniscule, but better than nothing) and a check card marked with a Visa logo for places that don't take Discover and for ATMs. ^_^ And I carry another credit card, a MasterCard, which I use if I run into places that don't carry Visa or Discover. I used to also keep an American Express card, but it seemed to be overkill. (Plus there's some political issues there, but that's another matter entirely)

Re:Credit vs. Debit

[mikeswi]

"c) Using a credit card improves your credit rating. This is why I pay for everything by credit card, then pay off my bill in full every billing cycle."

Actually, while that is good for your credit, paying it off slower (not in full) looks much better. You're paying the bill (good) but you're also making the lender more money (better), so your credit score goes up further than if you pay the whole thing at once.

Same as a bank loan. It looks better to pay it off according to the schedule than to jump the gun and pay the whole thing off early.

Of course, if your credit is already excellent, there's no need to worry with all that. If you're trying to rebuild bad credit, then slower is better.

FERPA violation?

[awkScooby]

I thought FERPA (Family Educational Rights and Privacy Act) generally prohibited schools from disclosing personal information about students. I guess Verisign is relying on the "Organizations conducting certain studies for or on behalf of the school" exception. How do they propose implementing this if it passes the study? Certainly they should receive no excemption then.

Of course they could provide technology to schools so that schools could program their own tokens, thus eliminating the need to send private, federally protected inforamtion to Verisign. But, that would undermine Verisign's greedy, "let us mint certs which expire more frequently than necessary, so that we can sell you the same thing over and over again" strategy...

Gender?

[Eudial]

Eh, what does gender have to do with anything? Isn't age the relevant part?

What's the point?

[liquidsin]

I'm already working under the assumption that every eleven year old girl I'm chatting up on irc is either a 37 y/o truck driver from Idaho or an FBI agent.

Can't they come up with a better stupid idea?

[scruffy]

Surely Verisign can come up with a better stupid idea than this.

Oh yeah, there was Sitefinder. Never mind.

Little Girl

Good, Because I really hate when I am chatting up a little girl and she turns out to be a cop