back to article No more holidays for US telcos, FCC is cracking down

The Federal Communications Commission plans to overhaul its security reporting rules for the telecom industry to, among other things, eliminate a mandatory seven-day wait for informing customers of stolen data and expand the definition of what constitutes an incident. In a unanimous 4-0 vote, the FCC published a notice of …

  1. MatthewSt Silver badge

    Age Tokens

    Not that they're interested in using it this way, but it wouldn't be impossible for your Auth provider to issue you a token (JWT?) that you can then paste into whatever platform wants to verify your age.

    The token only contains proof that the bearer is over 18. Doesn't contain any identifying information. Auth provider don't know where you used it, Auth consumer knows what provider it came from but not who it was assigned to.

    Combine that with rate limits (restrict how long tokens are valid, how many each user account can generate per day, how many times the consumer will accept the same key) and you're most of the way there! It won't entirely prevent a black market for them, but nothing can

    1. F. Frederick Skitty Silver badge

      Re: Age Tokens

      Presumably the Auth consumer is going to have to contact the Auth provider to validate the token. At that point the provider knows exactly where the token is used.

      1. Anonymous Coward
        Anonymous Coward

        Re: Age Tokens

        That's not technically needed. It could simply be an X509 certificate, which can be checked by a PKI.

        1. MatthewSt Silver badge

          Re: Age Tokens

          Exactly, and all that is built in to JWT

    2. CommanderGalaxian
      Boffin

      Re: Age Tokens

      Zero Knowledge age verification could be done - but since that would mean those offering the services couldn't earn a penny from your browsing habits, I wouldn't hold your breath.

  2. Anonymous Coward
    Anonymous Coward

    They'd have to retain a copy of the proof of age in order to prove that they checked your age. It isn't the same as a bar, where you're in and out the same night with your ID on you, or a physical store that checks ID like a liquor store. Digital requirements are and will always be different.

    For those worrying about their privacy while surfing porn: maybe you should find a new hobby.

    1. Anonymous Coward
      Anonymous Coward

      Oh look, some jerk on the internet thinks they're morally superior because they don't surf porn. What a surprise.

      For those not worried about privacy surfing porn, perhaps you should worry about what's coming next and help take steps to protect EVERYONE'S privacy.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        But then again, I live in Canada, where our courts strike a balance between competing interests in society instead of giving leeway to free-speech fanatics that quote American laws, and "muh rights" nutbars who've never read out Constitution and Charter of Rights.

        We do not have any set-in-stone "rights" because our courts recognize that the real world isn't black and white.

        1. Anonymous Coward
          Anonymous Coward

          Canada: Protected against the barbarian Südländer hordes by the Great Wall of Smugness

    2. Anonymous Coward
      Anonymous Coward

      Beside the (alleged) moral superiority, there's quite the assumption there. Why would they need to keep the ID? If they've got an auditable process that requires an ID check to open an account, there's hardly a need to keep it.

      1. Anonymous Coward
        Anonymous Coward

        You think they don't keep copies of your photo ID at the internet registries? At your bank? At your insurance company? At any OTHER place that has to prove they identified you as a customer.

        Pah. People hate hearing the TRUTH. Downvote is not "I don't like reality."

    3. Anonymous Coward
      Anonymous Coward

      Porn is my new hobby.

      Have you ever tried to get a date when you are honest about your trainspotting?

    4. tesmith47

      next will be lousiana government keeping track of people reading about Judiasim and islam because you know christians dont want minors knowing about that other stuff

      1. Anonymous Coward
        Anonymous Coward

        Will they also remove all texts from the Chicago economy school of thought?

        Since they are not compatible with christians tenets...

  3. Anonymous Coward
    Anonymous Coward

    Age verification

    Would it be safe to assume that Louisiana have also enacted laws requiring age verification on sites containing guns, images of guns and other forms of violence? Because, lord forbid, any children should get to see guns and learn about violence that may corrupt them and lead them astray.

    1. ecofeco Silver badge

      Re: Age verification

      Of course not. In American, sex is bad, m'kay, but sacrificing children AFTER they are born is perfectly fine.

      For the freedumbs of course!

    2. Pirate Dave Silver badge

      Re: Age verification

      Well, that's a Federal thing now. One of the measures passed last year and now in effect requires sites that sell guns (and maybe parts?) to "verify" that the viewer is over 21 years old. And by "verify", so far most of them just have a button to click that says "I certify that I am over 21 years old" or some such, nothing as onerous as this requirement before being allowed to look at another person's naughty bits that Louisiana has.

      1. Strahd Ivarius Silver badge
        Devil

        Re: Age verification

        So Louisiana people will just have to provide the proof they connected to Pornhub?

        1. Anonymous Coward
          Anonymous Coward

          Re: Age verification

          Looking forward to "Login with Pornhub" buttons

    3. This post has been deleted by its author

  4. Anonymous Coward
    Anonymous Coward

    Stolen Bitcoin keys

    That "unnamed individual" wouldn't happen to be https://twitter.com/LukeDashjr/status/1609613748364509184 perchance?

  5. This post has been deleted by its author

    1. Strahd Ivarius Silver badge
      Holmes

      Re: ID Now Required

      Are you implying that UK MP connect to sex sites while in Parliament?

      1. Julian 8

        Re: ID Now Required

        It was a tractor guv, honest

        1. Anonymous Coward
          Anonymous Coward

          Re: ID Now Required

          Well the Republicans are absolutely correct.

          Why just the other day I saw a video of some people pulling a train.

          And that is exactly what banning coal leads to!

  6. Pascal Monett Silver badge

    LastPass : "the attacker made off with customer data"

    And that is why I do not use a password manager.

    I'm old enough to manage my own passwords, thank you very much. I do not need to put my trust in a central entity whose every employee is a potential security risk.

    1. Potemkine! Silver badge

      Re: LastPass : "the attacker made off with customer data"

      IMNSHO, you're wrong. A password manager is highly recommended when you have to deal with multiple passwords without reusing them. Using the same password for multiple usages is wrong.

      I do understand your concern, just don't use an online password manager. There are many local tools to deal with passwords. For instance, Keepass rocks.

      1. ThatOne Silver badge
        Thumb Up

        Re: LastPass : "the attacker made off with customer data"

        > just don't use an online password manager

        Indeed. If you're worried (I am), you simply use a local password manager (I do). It allows me to handle hundreds of strong and different passwords.

        I'm not so lazy as not to be able to handle the unspeakable strain of having to manage my passwords database and copy/backup it as needed myself, so no drawbacks I can think of.

      2. Alumoi Silver badge

        Re: LastPass : "the attacker made off with customer data"

        Or a common notebook. You know, pen and paper?

  7. ThatOne Silver badge
    Devil

    Black day for telecom companies

    > Negligence isn't going to be a good excuse for much longer.

    Their whole business model comes crumbling down...

  8. bo111

    Non-digital age tokens

    Age tokens should be physical cards sold in shops similar to printed adult magazines. And thus anonymous, maybe with an expiration date.

    1. Alumoi Silver badge

      Re: Non-digital age tokens

      Yeah, and sold only to people over 18yo. After presenting a state-issued ID. Right!?!

      /sarcasm

    2. doublelayer Silver badge

      Re: Non-digital age tokens

      That won't work very well. Such tokens would be very easily resold, meaning that unless it's tied in some way to the identification used to verify it, in which case the privacy purpose of the measure is ruined, anyone who wants one can probably get one. I don't really like the verification in the first place, so I'm fine if it goes that way, but with such an obvious method of breaking everything, I doubt you could get anyone who wants verification to agree to that method.

      1. This post has been deleted by its author

      2. Michael Wojcik Silver badge

        Re: Non-digital age tokens

        Not seeing the problem. Of course, I think the law is idiotic, so I'm all for ways to circumvent it.

    3. bo111

      Re: Non-digital age tokens

      1. If you are obviously over 18 years old, nobody asks for your ID in a shop.

      2. Illegal reselling is possible with any item, but is considerably less in scale. And possible to track/prosecute by token card numbers.

      3. The idea is not to 100% protect against adult or shocking content, but reduce the scale of access, to say 99.8%. Some horny teenagers may find a way around, but this has always been so. Younger children are unlikely to be much interested - and they are the target audience.

      4. Non-digital age tokens can be made as scratch cards and verify the age ONLY ONCE on the OS account level or browser level. The code is not allowed to be reused.

      5. Responsibility will be shifted towards parents. If you don't have children, there is no problem or inconvenience.

      6. Anonymity is easily maintained (well, your internet provider knows which sites you visit, but not which specific content you watch).

      7. The cards can be sold with minimal price to compensate the tech implementation and maintenance.

      8. This whole topic and related tech to protect children will be closed once and forever.

      10. Tech companies will save billions on censoring content. Small companies will benefit most.

      11. Political and dictatorial censorship will be hard to justify by the goal of "protecting children". So free speech will benefit.

    4. bo111

      Re: Non-digital age tokens

      and also

      9. Internet platforms will be able to easily verify users' age, if necessary. The age tokens are not meant for identification, but a fast confirmation: "I am an adult. Do not filter my content by any means".

  9. Itsthatguy

    VPN has entered the chat

    1. Killfalcon

      Not too loud, or they'll try to make them illegal as well!

  10. CommanderGalaxian
    IT Angle

    <Shrug>

    Best plan of action here is to cut Louisiana off from the Internet. It doesn't really contribute much anyway.

    1. Grogan Silver badge

      Re: <Shrug>

      Or just ignore them... they don't exactly have global jurisdiction and good luck charging/extraditing/suing someone in a country where an operator hasn't broken any laws.

      I don't even see how they could enforce this at all outside of Louisiana. It's a stupid law with loopholes too... have directories with thousands and thousands of cat photos, so your site isn't more than "33.33...%" adult content lol

      This pisses me off so much that I've got a good mind to START a porn website with photochops of those lawmakers fellating turds emerging from a big ol' stretched goatse rectum.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like