mnot
diff --git a/‎draft-nottingham-iab-age-restrictions.html‎
Lines changed: 31 additions & 54 deletions b/‎draft-nottingham-iab-age-restrictions.html‎
Lines changed: 31 additions & 54 deletions
@@ -1164,27 +1164,16 @@ <h2 id="name-copyright-notice">
             </ul>
 </li>
           <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
-            <p id="section-toc.1-1.3.1"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-recommendations-for-age-res" class="internal xref">Recommendations for Age Restriction Systems</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.1">
-                <p id="section-toc.1-1.3.2.1.1"><a href="#section-3.1" class="auto internal xref">3.1</a>.  <a href="#name-content-marking" class="internal xref">Content Marking</a></p>
-</li>
-              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2">
-                <p id="section-toc.1-1.3.2.2.1"><a href="#section-3.2" class="auto internal xref">3.2</a>.  <a href="#name-distributed-implementation" class="internal xref">Distributed Implementation</a></p>
-</li>
-            </ul>
+            <p id="section-toc.1-1.3.1"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
 </li>
           <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
-            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
+            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
 </li>
           <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
-            <p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
+            <p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
 </li>
           <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
-            <p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
-            <p id="section-toc.1-1.7.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-authors-address" class="internal xref">Author's Address</a></p>
+            <p id="section-toc.1-1.6.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-authors-address" class="internal xref">Author's Address</a></p>
 </li>
         </ul>
 </nav>
@@ -1197,7 +1186,6 @@ <h2 id="name-introduction">
       </h2>
 <p id="section-1-1">Increasingly, policymakers are proposing and implementing regulation that restricts what content young people can access online. A recurring theme in these efforts is that it is no longer considered sufficient to rely on self-assertions of age, and so stronger guarantees are deemed necessary.<a href="#section-1-1" class="pilcrow">¶</a></p>
 <p id="section-1-2">Age restrictions are already deployed on the Internet: for example, some Web sites already require proof of age to create an account. However, when such deployments become more prevalent, they tend to have greater impact upon the Internet architecture, thereby endangering other properties that we depend upon for a healthy online ecosystem. Systems that are designed for deployment in a single, homogenous domain rarely are suitable for the diversity of requirements and considerations that apply to Internet-scale systems.<a href="#section-1-2" class="pilcrow">¶</a></p>
-<p id="section-1-3"><a href="#risks" class="auto internal xref">Section 2</a> catalogues the risks that such systems might incur, expressed in terms of the Internet's architectural principles. <a href="#recommendations" class="auto internal xref">Section 3</a> suggests the properties that an age restriction system should have to be a healthy part of the Internet infrastructure.<a href="#section-1-3" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="risks">
@@ -1239,12 +1227,14 @@ <h3 id="name-privacy-and-security">
 <p id="section-2.2-6">This is the case when verifying services over-collect such information (for example, age estimation services that use photos and biometrics), and it is also the case when users' activity is exposed to the verifying service when age restriction takes place. The latter risk is similar to the risk of tracking and profiling seen on the Web, which the Internet standards community has expended considerable effort to mitigate (see e.g., <span>[<a href="#RFC7258" class="cite xref">RFC7258</a>]</span>).<a href="#section-2.2-6" class="pilcrow">¶</a></p>
 <p id="section-2.2-7">Furthermore, exposing information beyond age to services creates additional privacy and security risks. For example, an age verification system that also exposes the country a person is a citizen of allows sites to discriminate against that attribute, which is beyond the purpose of age restriction.<a href="#section-2.2-7" class="pilcrow">¶</a></p>
 <p id="section-2.2-8">Finally, even on its own a simple attribute like 'age in years' or 'birthdate' can be used to add entropy to an identifier for the end user, creating a new tracking vector when exposed to services that collect such information. See <span>[<a href="#TRACKING" class="cite xref">TRACKING</a>]</span>.<a href="#section-2.2-8" class="pilcrow">¶</a></p>
-<p id="section-2.2-9">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
+<p id="section-2.2-9">In all cases, the privacy and security of an age restriction system needs to be proven: considerable experience has shown that merely trusting assertions of these properties is ill-founded.<a href="#section-2.2-9" class="pilcrow">¶</a></p>
+<p id="section-2.2-10">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
 * Avoid over-collection of information by age verifiers
 * Avoid sharing information about service usage with age verifiers
 * Avoid sharing information other than age information with services
-* Minimise the amount of age information shared with services (e.g., using age brackets)<a href="#section-2.2-9" class="pilcrow">¶</a></p>
-<p id="section-2.2-10">See also <span>[<a href="#PRIVACY" class="cite xref">PRIVACY</a>]</span>.<a href="#section-2.2-10" class="pilcrow">¶</a></p>
+* Minimise the amount of age information shared with services (e.g., using age brackets)
+* Be based upon publicly available specifications that have had adequate security and privacy review to the level that Internet standards are held to<a href="#section-2.2-10" class="pilcrow">¶</a></p>
+<p id="section-2.2-11">See also <span>[<a href="#PRIVACY" class="cite xref">PRIVACY</a>]</span>.<a href="#section-2.2-11" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="barriers-to-access">
@@ -1257,7 +1247,7 @@ <h3 id="name-barriers-to-access">
 <p id="section-2.3-3">For example, many people only have Internet access from public computers (such as those in libraries), and do not have exclusive or reliable access to a smartphone. Others lack government-issued identity documents that some schemes rely upon.<a href="#section-2.3-3" class="pilcrow">¶</a></p>
 <p id="section-2.3-4">While such restrictions may be palatable in a closed system (such as on a single platform or in a single jurisdiction), they are not suitable for Internet-wide deployment.<a href="#section-2.3-4" class="pilcrow">¶</a></p>
 <p id="section-2.3-5">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
-* Avoid requiring hardware capabilities not widely available in desktop and mobile computers globally, both in terms of performance and specific features
+* Avoid requiring hardware capabilities not widely available in desktop and mobile computers globally, both in terms of overall performance and specific features
 * Avoid relying on a single mechanism for proving age<a href="#section-2.3-5" class="pilcrow">¶</a></p>
 </section>
 </div>
@@ -1266,64 +1256,51 @@ <h3 id="name-barriers-to-access">
         <h3 id="name-fragmentation">
 <a href="#section-2.4" class="section-number selfRef">2.4. </a><a href="#name-fragmentation" class="section-name selfRef">Fragmentation</a>
         </h3>
-<p id="section-2.4-1">If an age restriction system relies too much on legal controls rather than technical capabilities, those controls are likely to be inconsistently applied in different jurisdictions, leading to different experiences for Internet users around the globe.<a href="#section-2.4-1" class="pilcrow">¶</a></p>
-<p id="section-2.4-2">Likewise, a solution that requires special access to computers (such as in “trusted platform modules” or otherwise mandates conformance on people’s computers introduces a risk of limiting the kinds of computers that can be used on the Internet – for example, Open Source Operating Systems and Web browsers are generally unable to provide such assurances.<a href="#section-2.4-2" class="pilcrow">¶</a></p>
-<p id="section-2.4-3">While these tradeoffs may be reasonable in a single jurisdiction, too many differences will create barriers to Internet-wide deployment of services, creating not only centralization risks, but also fragmentation risks -- that the Internet will work in different ways depending on where you are.<a href="#section-2.4-3" class="pilcrow">¶</a></p>
+<p id="section-2.4-1">The likelihood of incompatible age restriction systems being deployed in different jurisdictions around the world introduces a risk of fragmentation -- i.e., that the Internet will not work the same way in different places.<a href="#section-2.4-1" class="pilcrow">¶</a></p>
+<p id="section-2.4-2">Fragmentation is a growing concern for the Internet: various local requirements are creating friction against global deployment of new applications, protocols, and capabilities. As the Internet fragments, the benefits of having a single, globe-spanning networking technology are correspondingly lessened. Although a single factor (such as diverging approaches to age restriction) is unlikely to fragment the Internet on its own, the sum of such divergences increases the risk of fragmentation greatly, risking the viability of the Internet itself.<a href="#section-2.4-2" class="pilcrow">¶</a></p>
+<p id="section-2.4-3">In the context of age restriction, fragmentation is most concerning if someone were to need to understand and interact with (possibly after some onboarding procedure) a new system for each jurisdiction they visit. This would represent a significant barrier for users who travel, and would also present increased complexity and regulatory burden for businesses, potentially leading to further lack of competitiveness in some industries by increasing costs.<a href="#section-2.4-3" class="pilcrow">¶</a></p>
+<p id="section-2.4-4">Fragmentation is best addressed by adoption of common technical standards across jurisdictions. However, it is important to recognise that the mere existence of an international standard does not imply that it is suitable for deployment: experience has shown that voluntary adoption by implementers is important to prove their viability.<a href="#section-2.4-4" class="pilcrow">¶</a></p>
+<p id="section-2.4-5">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
+* Be based upon internationally recognised, open technical standards
+* Be based upon technical standards that are voluntarily adopted by implementers
+* Be coordinated across jurisdictions wherever feasible<a href="#section-2.4-5" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="an-age-gated-internet">
 <section id="section-2.5">
         <h3 id="name-an-age-gated-internet">
 <a href="#section-2.5" class="section-number selfRef">2.5. </a><a href="#name-an-age-gated-internet" class="section-name selfRef">An Age-Gated Internet</a>
         </h3>
-<p id="section-2.5-1">The Internet is designed to be used without permission, both be servers and clients. Easy-to-use age restriction mechanisms risk creating a ‘papers please’ Internet, where a credential is required to access large portions of the Internet. Such an outcome would amplify the other harms listed.<a href="#section-2.5-1" class="pilcrow">¶</a></p>
-<p id="section-2.5-2">This risk is heightened if there are incentives for sites to deploy it, such as access to non-age data.<a href="#section-2.5-2" class="pilcrow">¶</a></p>
+<p id="section-2.5-1">The Internet is designed to be used without permission, both be servers and clients. Easy-to-use age restriction mechanisms risk creating a ‘papers please’ Internet, where a credential is required to access large portions of the Internet's services. Such an outcome would amplify the other harms listed.<a href="#section-2.5-1" class="pilcrow">¶</a></p>
+<p id="section-2.5-2">This risk is heightened if there are incentives for sites to deploy it, such as increased access to non-age data.<a href="#section-2.5-2" class="pilcrow">¶</a></p>
 <p id="section-2.5-3">Access to more granular age information also heightens many risks, because it makes a restriction system simultaneously useful in a broader variety of cases, and more attractive for misuse, because it offers more information about users.<a href="#section-2.5-3" class="pilcrow">¶</a></p>
-</section>
-</div>
-</section>
-</div>
-<div id="recommendations">
-<section id="section-3">
-      <h2 id="name-recommendations-for-age-res">
-<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-recommendations-for-age-res" class="section-name selfRef">Recommendations for Age Restriction Systems</a>
-      </h2>
-<div id="content-marking">
-<section id="section-3.1">
-        <h3 id="name-content-marking">
-<a href="#section-3.1" class="section-number selfRef">3.1. </a><a href="#name-content-marking" class="section-name selfRef">Content Marking</a>
-      </h3>
-</section>
-</div>
-<div id="distributed-implementation">
-<section id="section-3.2">
-        <h3 id="name-distributed-implementation">
-<a href="#section-3.2" class="section-number selfRef">3.2. </a><a href="#name-distributed-implementation" class="section-name selfRef">Distributed Implementation</a>
-      </h3>
+<p id="section-2.5-4">Therefore, age restriction systems that are intended to become part of Internet infrastructure MUST:
+* Make the use of age restrictions visible to end users
+* Have a structural disincentive for deployment of age-gated services online<a href="#section-2.5-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 </section>
 </div>
 <div id="iana-considerations">
-<section id="section-4">
+<section id="section-3">
       <h2 id="name-iana-considerations">
-<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
+<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
       </h2>
-<p id="section-4-1">This document has no instructions for IANA.<a href="#section-4-1" class="pilcrow">¶</a></p>
+<p id="section-3-1">This document has no instructions for IANA.<a href="#section-3-1" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="security-considerations">
-<section id="section-5">
+<section id="section-4">
       <h2 id="name-security-considerations">
-<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
+<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
       </h2>
-<p id="section-5-1">Age restriction systems undoubtedly have numerous security considerations, should they be deployed.<a href="#section-5-1" class="pilcrow">¶</a></p>
+<p id="section-4-1">Age restriction systems undoubtedly have numerous security considerations, should they be deployed.<a href="#section-4-1" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="sec-informative-references">
-<section id="section-6">
+<section id="section-5">
       <h2 id="name-informative-references">
-<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
+<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
       </h2>
 <dl class="references">
 <dt id="CENTRALIZATION">[CENTRALIZATION]</dt>