The Online Safety Act: Part II
The sequel nobody asked for, but everyone saw coming.
Last week, hackers made off with roughly 70,000 scanned government IDs from a third-party provider used by Discord’s support and age-verification systems. Complete, with the usernames of the accounts they belonged to. Discord says the incident affected a 'limited number' of users globally and the ICO is assessing whether British users were among them.
This is a leak that ties real names and faces to the communities where people thought they were anonymous.
This is a darkly predictable illustration of what happens when identity verification is legally enforced but poorly regulated.
Enter the Online Safety Act.
When the British government wrote the Online Safety Act, it gave regulators the power to demand 'age-assurance measures' for access to 'adult material'. Critics didn’t need to be technologists to spot the flaw: how do you trust the people checking the IDs not to keep copies?
That confidence, it transpires, has aged about as well as fresh fish in the Summer.
By forcing companies to verify users age, ministers created exactly what they claimed would not be possible: a system where citizens’ most personal data, could potentially sit waiting to be stolen. Each verification vendor becomes a new attack surface, a honey pot of government ID's with no singular security standard.
Meanwhile, children can still access nudifiers and porn-bots with the simplest of workarounds.
The Online Safety Act remains the wrong answer to a complex question; an act of political theatre dressed up as protection.
If we must endure it, it should at least have been designed by grown-ups.
Instead of encouraging an unregulated patchwork of platforms which quietly hoard IDs, the government could have built an independent, regulated identity layer. One that issues “yes/no” tokens, and verifiably does not store scans.
Or, more sensibly, it could have accepted what every teacher and moderator already knows: education, literacy, and culture protect people far better than bureaucracy ever will.
However, in reality. Successive British governments have ignored experts and keep mistaking control for safety. Every law like this trades trust for convenience, leaving the public to deal with the consequences.
Unless something changes, this will not be the last leak of its kind.
