CyberVoices

Canadian cybersecurity news and thought leadership

hero-jobbies-7

Bill S-210: A National Security nightmare slouching towards reality

The Senate-initiated Bill S-210, aimed at restricting young persons' online access to sexually explicit material, faces numerous criticisms, including privacy invasion, reliance on unproven technologies, and potential overreach into streaming services and search engines. However, one major criticism, the national security concerns it presents, has not received adequate attention.


On the surface, the bill appears to be a well-intentioned law that should garner widespread support, having passed the Senate without opposition. Its goal is to solve a politically sensitive problem, making it difficult to oppose, especially given the technology knowledge gap among Parliament members.
The law relies on non-existent technology to ensure users accessing adult content are who they claim to be, while keeping this information secure. Technologies for identity verification, like those from AU10TIX, are used by TikTok, Uber, as well as financial institutions, exist but are not foolproof. In May, AU10TIX was reported to have left administrative access to its database open for up to a year, exposing millions of people’s sensitive personal information.


There is no guaranteed way to protect the detailed information required for verifying access to explicit content. The breach of this information can have deadly consequences, as demonstrated by the Ashley Madison hack, which exposed 37 million users and was linked to several suicides, including a church pastor.


The bill attempts to mitigate this by requiring the destruction of personal information after verification, but this data must be stored temporarily, creating vulnerabilities. National intelligence agencies would likely target websites complying with this law, designing methods to capture verification data. Even minimal breaches involving names, emails, and verification status could be exploited for extortion.

This kind of data, linking individuals to sexual content, is what Russian intelligence would refer to as "Kompromat" (a Russian portmanteau for compromising materials). Imagine nation-state cyber spies accessing information about an MP, cabinet minister, or critical infrastructure employee. Besides making adult-content sites attractive targets, the bill could create a black market for non-compliant providers. Intelligence agencies might even create such sites to generate compromising material on Canadians seeking to protect their privacy from this invasive measure.


The UK's similar attempts with age verification laws for sexually explicit content ended in failure, as they proved impossible to implement safely. A better approach would be to involve Internet Service Providers, operating systems, device makers, and adult content providers providing easier to use tools for filtering explicit content. This could be an effective use case for artificial intelligence, supporting parents and guardians in managing appropriate content for their children.

Bill S-210, though well-intentioned, presents significant national security risks that outweigh its potential benefits. By encouraging collaboration among tech companies and leveraging existing technologies including AI, a safer and more effective solution can be found to protect young people online.