When you place all the requirements on a software product like what the government has to, then it’s going to be expensive. Anyone who thinks that the total cost of a privacy protecting, government accredited, widely available, reliable, audited, and domestically produced age verification system isn’t going to be in the hundreds of millions has never actually shipped something comparable.
It is literally illegal to slap a few lines of glue code and say “there’s your age verification, look how cheap it is.” The public would be happy about saving money right up until there’s a massive privacy breach and all the ways you cut corners are exposed.
I don’t know if leaving the standards unspecified is the right thing to do (it’s probably not), but don’t pretend like a government verified solution could ever be cheap when dealing with citizens’ identities.
I disagree. This is exactly what happened with the initial launch of Healthcare.gov after the Affordable Care Act. The government spent hundreds of millions contracting a large firm that completely botched the site, it couldn't even handle a few hundred users at launch.
Then a small team of highly skilled engineers from Google/Facebook etc were brought in to fix it. They stabilized and relaunched the system in weeks at a fraction of the original cost. It showed that the problem wasn't the complexity or the standards, it was how the project was managed and who was building it.
IIRC, it wasn't even that it contracted one firm, it contracted many, and the individual contracts were managed separately. None of the systems were actually required to work with each other in letter, only in spirit.
The major advantage of bringing in the engineers (only one ex-googler, most were oracle and redhat, again IIRC) was that they were all already bigwigs and knew how to take ownership of large systems, and were given the authority to do so.
A small group of closely working skilled engineers would produce something more reliable and far less likely to have a privacy breach than the typical government contracting system.
The idea that a small group of people can't produce something that can scale to millions of people is just false.
It also wouldn't just be cheaper; it would be better. The "government" way of doing things would be far more likely to be broken glue code with privacy issues because all those committee meetings and bottom of the barrel contractor selection don't produce better end results
> A small group of closely working skilled engineers would produce something more reliable and far less likely to have a privacy breach than the typical government contracting system.
Large technological companies are unable to pull this off either, it’s unrealistic to expect it from a government.
What are you talking about? The government gets to cheat and use the IRL ID verification they do already for licenses.
* You create your account as part of your license renewal and have a normal-ass login. As part of that your account is manually marked as being 18+ (or just your age) by the person behind the counter.
* The government publishes a few public certs which will be used to verify.
* Then you go to your account page and click the button to generate a certificate signed by one of the government's private keys. The cert is valid for say 7 days.
* You upload the cert to the website you want to access and the website validates it.
Done. You make it illegal to provide your tokens to minors like it's illegal to provide booze to minors. Good enough for government work. It's literally just an EV cert.
The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.
> The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.
every time a country wide ID comes up, people freak the fuck out about state's rights and it being a power grab. people are already freaking out about RealID. it will take a very authoritarian system to force this through, yet it's the supporters of that leader that are the most vocally against it.
I don't think we can really trust in all those years of stated preferences, now that the revealed ones are so different. They folks who often say "States' rights" have always been the most willing to violate them if it gets them what they want.
Meanwhile, the rest of us should have new fears of a National ID feature. Republicans in administrator-roles recently started corrupting federal databases, fraudulently marking living people as dead [0] in order to kill their accounts, while firing the people who pointed out it was flagrantly illegal.
It doesn't require any imagination for the same bad administrators to illegally disable National ID logins because you posted something that hurt the cult-leader's feelings. The feature cannot be made safe if the framework is still open to crooks.
Hard disagree. The Right Wing Noise Machine freaks out. That is not what people generally think. That’s what they’re TOLD to think, by people who have an agenda to sew discontent.
It is literally illegal to slap a few lines of glue code and say “there’s your age verification, look how cheap it is.” The public would be happy about saving money right up until there’s a massive privacy breach and all the ways you cut corners are exposed.
I don’t know if leaving the standards unspecified is the right thing to do (it’s probably not), but don’t pretend like a government verified solution could ever be cheap when dealing with citizens’ identities.