Online services content regulation - Restricted access systems

Online services content regulation
Restricted Access Systems

ONLINE

Overview of regulatory scheme

Community education

Research

International liaison

Information for Internet service providers (ISPs) and Internet content hosts (ICHs)

Background/history of the regulatory scheme

Other links

An ABA declaration setting out minimum system requirements for restricted access systems was tabled in Parliament on 7 December 1999.

Restricted access systems are adult verification devices that allow only people who are 18 years or older to access adult material on the Internet. Restricted access systems protect children from exposure to material that may be unsuitable for them.

The declaration sets out the process by which a person can gain access to Internet content that is likely to be rated 'R' by the Classification Board. It relies on credit card validation as a means to check that a person is 18 years or older.

Internet content hosted in Australia that is likely to be classified 'R' and not protected by a compliant restricted access system is potentially prohibited content. If the ABA receives a complaint about that content after 1 January 2000, it may direct the relevant Internet content host to remove that material from its service.

The declaration was developed based on submissions to the ABA from industry and community groups and individual users following distribution of a consultation paper that set out draft system specifications. The declaration also provides for off-line registration processes and anticipates the future use of digital signatures as an electronic means of identity authentication. Following advice from the Office of the Federal Privacy Commissioner, the declaration also provides for certain privacy and security safeguards.

Restricted Access Systems Declaration 1999 (No. 1)

made under the Broadcasting Services Act 1992

1. Introduction

1.1. This declaration is the Restricted Access Systems Declaration 1999 (No. 1).

1.2. This declaration commences on gazettal.

1.3. This declaration sets out minimum system requirements for a 'restricted access system' pursuant to subclause 4(1) of Schedule 5 of the Broadcasting Services Act 1992 (the Act).

1.4. Pursuant to subclause 4(2) of Schedule 5 of the Act, in making this declaration, the Australian Broadcasting Authority

has had regard to the objective of protecting children from exposure to Internet content that is unsuitable for children; and

has been guided by the principles contained in subsection 4(3) of the Act concerning the regulation of Internet content hosted in Australia and Internet carriage services supplied to end-users in Australia.

2. Functions

2.1. A 'restricted access system' will be required, as a minimum, to perform the following functions:

Number	Function	Description
1.	Registration	The system will receive applications for registration, either in hard copy or electronically.
2.	Qualification/validation	The system will verify age. Upon verification of age, the system will allocate a personal identification number (PIN) or password to the applicant.
3.	Access	To gain access to Internet content subject to the system, the applicant will need to input in full the issued PIN or password. A registered user should not encounter Internet content that is likely to be classified 'R' until entered PIN or password has been verified.

3. Registration

3.1. A person will apply for registration with the system electronically, for example, via a website or email; or in hard copy form, for example, by letter or fax.

3.2. Application forms must specify data items that are mandatory and those that are 'optional'.

3.2.1. Mandatory data items for the electronic lodgement of an application are:

name of applicant;

declaration that applicant is 18 years of age or over; and either

credit card details; or

digital signature.

3.2.2. Mandatory data items for the lodgement of a hard copy application are:

name of applicant;

declaration that applicant is 18 years or over; and either • credit card details; or

evidence of age, for example, a copy of passport, birth certificate, driver's licence, senior's card or student card.

4. Qualification/validation

4.1. The system will 'qualify' an application for registration if all mandatory information requirements are provided.

4.2. The following rules will be used to invalidate an application:

if applicant has not declared that he/she is at least 18 years of age; or
if credit card details cannot be validated; or
if digital signature cannot be authenticated in the case of an electronic application; or
if evidence of age has not been produced in the case of a hard copy application.

4.3. Upon valid registration, a PIN or password is to be issued to the registered user. It should be a condition of use that the allocated PIN or password should not be passed on to a third person under the age of 18.

4.4. An allocated PIN or password can be changed if the user and/or system administrator suspects the integrity of the data is compromised.

5. Access

5.1. A registered user must input allocated PIN or password to gain access to any website subject to the system.

5.2. Access is to be denied if entered PIN or password does not match registered record of PIN or password.

6. System compliance

6.1. System compliance will be tested if the ABA receives a complaint about Internet content subject to the system.

7. Privacy and security requirements

7.1. The handling of personal information should comply with the privacy standards contained in the National Principles for the Fair Handling of Personal Information issued by the Federal Privacy Commissioner.

7.2. It is highly desirable that the electronic transfer of credit card information be protected with reasonable data security mechanisms. For example, the use of Secure Sockets Layer (SSL) in online registration processes.

What we do l What's new l Search l Publications l Contact us l Home l Online services content regulation