The jailing of paedophile David Wilson for 25 years recently (10th February 2021) perfectly illustrates one of the worst aspects of the online world: it’s far too easy for abusers to adopt false identities, allowing them to both lure, then lull victims into a false sense of security.
Wilson, 35, from King’s Lynn, Norfolk posed as a 13- or 14-year-old girl to lure as many as 5000 boys across the world (500 in the UK) into starting online relationships on platforms such as Instagram, which soon turned very nasty indeed. His adopted ‘teenage girl’ persona would persuade victims to send ‘her’ naked pictures, before using the pics to blackmail the unfortunate boys into carrying out further depraved acts, often even abusing siblings for Wilson’s gratification.
Social media platforms generally are taking a lot of flak right now over their inability to crack down on this kind of thing, as well as another evil – trolling. Because those who create hate-speak can also hide behind false identities, there’s quite a debate over whether Twitter, Facebook and others should let users employ made-up names at all, and whether the whole sector should be more tightly controlled.
Presumably,the online publishers of such platforms (for that is after all what they are) think it will harm their business model if they remove the ability of users to hide behind avatar identities.
One of the main UK TV channels broadcast an interview recently with a man who couldn’t believe trollers hoped his wife would get cancer again. In another chillingly similar instance, a troll hoped TV host and actor James Corden’s three children would also be struck down by cancer, over something he’d allegedly said about Game of Thrones.
What if everyone had to use their own names on social media, and as a condition of starting an account, had to be authenticated by a big data company or other trusted organisation first? The cowardly spite-peddlers might think twice about what they say.
All this has sparked a fierce debate about ‘free speech’ and whether people should have the right to a) say what they like and b) do it under pseudonyms. Of course the right to free speech is an important part of any modern democracy, but in a fair world, all those who hold controversial views should at least have the courage to stand up and be counted while expressing them.
In the physical world, in a debating society or at a venue like London’s Speakers’ Corner, you expect to see who’s speaking. It would look a bit odd if they had paper bags over their heads. So why should anyone be allowed to hide their identities while expressing their views online?
We suggest a simple two-stage improvement plan for the online world. First as outlined above, online platforms might insist users’ real names are used. Secondly,we propose the setting up of purpose-made authentication or 'Identity Partner' (IdP) accounts, with the aid of the big data companies, banks etc.
Such organisations could use their detailed knowledge of ordinary citizens, to vouch that the individual who posts on Twitter really is that person. This process is known as ‘know your customer’ or KYC in the information trade. It's all based on well-trodden pathways and technologies and skill-sets.
There are plenty of precedents for setting up such IdP accounts. One of them is the Gov.Uk Verify scheme operated in the UK, designed to allow citizens to securely log into official networks to check on tax, pensions etc. This has a network of IdPs, such as Experian, Verizon, Royal Mail etc. (Although the down-side of the existing system is that it involves the user ending up with a fixed password, which as we know can be extremely vulnerable. But we could provide an answer for that too...)
Establishing a far larger and widely-used IdP industry could spawn several major benefits. For account holders, suddenly finding they can prove who they are (online, over the phone or face-to-face) would be a real boon. It would also be a great business opportunity for the big data holders.
What if an IdP holder only wanted to prove certain attributes, say to reassure other users that at least they're in a certain age bracket, without giving away other information such as names etc? That shouldn’t be a problem, and would of course block the likes of David Wilson.
We would also suggest (and OK, yes this is where our self-interest starts to show!) that the Shayype one-time passcode system be used on the front of such IdP accounts. This would allow users to instantly authenticate themselves, without having to go through the whole tiresome, lengthy process of proving who they are each and every time.
All that authentication work, having been done just once, could then be simply switched on as it were, at the turn of a key.