Image map - for further information on this news release contact Donald Robertson on +61 2 9334 7980
  NR 130/1999

8 December 1999

ABA decides on adult verification systems for users who wish to access R-rated Internet content

The ABA has decided on minimum system requirements for restricted access systems for Internet content. An ABA declaration setting out the system requirements was tabled in Parliament yesterday.

Restricted access systems are adult verification devices that allow people who are 18 years or older to access adult material on the Internet, whilst protecting children from exposure to material that may be unsuitable for them.

"The declaration provides commercial certainty for the Internet industry," said Professor David Flint, ABA Chairman. "The requirements set by the ABA are consistent with Internet practices used throughout the world."

The declaration sets out the process by which a person can gain access to Internet content that is likely to be rated 'R' by the Classification Board. It relies on credit card validation as a means to check that a person is 18 years or older.

Internet content hosted in Australia that is likely to be classified 'R' and not protected by a compliant restricted access system is potentially prohibited content and may be taken down from the Internet if the ABA receives a complaint about that content after 1 January 2000.

The declaration was developed based on submissions to the ABA from industry and community groups and individual users following distribution of a consultation paper that set out draft system specifications. The declaration also provides for off-line registration processes and anticipates the future use of digital signatures as an electronic means of identity authentication. Following advice from the Office of the Federal Privacy Commissioner, the declaration also provides for certain privacy and security safeguards.

BACKGROUNDER

Internet content hosted in Australia is prohibited content or potential prohibited content under Schedule 5 of the Broadcasting Services Act 1992 if it has been classified 'R' by the Classification Board and is not subject to a 'restricted access system'.

The ABA has the power to declare a specified access control system a 'restricted access system'. A declaration, in the form of a written instrument tabled in Parliament, may be made by the ABA.

In making a declaration, the ABA is to be guided by principles laid down in the Act which have the aim of minimising the financial and administrative burdens on the Internet industry and encouraging the supply of Internet carriage services at performance standards that meet community needs.

Consultation process

The ABA prepared a consultation paper on restricted access systems and sought industry and public comment. The paper contained draft restricted access system requirements and was prepared following consideration of a number of existing identity and age verification processes including:

  • existing adult verification systems in use on the Internet;
  • 100 point identity checks used by financial institutions to verify the identity of people opening accounts; * use of digital signatures; * credit card validation;
  • tax file numbers and medicare numbers; and
  • evidence of identity and age such as certified copy of passport, birth certificate, driver's licence, senior's card or student card.

The consultation paper was distributed to the following industry and community groups and relevant government agencies on 27 October 1999 for comment by 9 November 1999:

Internet Industry Association (IIA) Internet Society of Australia (ISOC-AU) Western Australian Internet Association (WAIA) South Australian Internet Association (SAIA) CSIRO National Office for the Information Economy (NOIE) Office of the Privacy Commissioner Young Media Australia

The consultation paper was also posted on the ABA's website and general comments were sought.

A total of 101 comments on the consultation paper were received by the ABA.

Industry and community groups that provided submissions included:

Internet Society of Australia (ISOC-AU) Western Australian Internet Association (WAIA) South Australian Internet Association (SAIA) Australian Computer Society (ACS) Electronic Frontiers Australia (EFA) Australian Privacy Charter Council (APCC) Young Media Australia (YMA)

The Office of the Federal Privacy Commissioner also provided comments on the Consultation paper .

While Mr Peter Coroneos, Executive Director, IIA, provided comments on the consultation paper, he made it clear that his comments were not the result of consultation with IIA members nor should they be taken to express the view of membership. The consultation paper was however posted on the website of IIA which would have given IIA members the opportunity to provide comments if they so desired.

The Restricted Access Systems Declaration 1999 (No. 1) was developed taking into account the comments contained in the submissions received by the ABA. It sets out minimum system requirements a restricted access system must meet to satisfy the Act. Attached is a copy of the declaration which was tabled in Parliament on 7 December 1999.

Restricted Access Systems Declaration 1999 (No. 1)

made under the Broadcasting Services Act 1992

1. Introduction

1.1. This declaration is the Restricted Access Systems Declaration 1999 (No. 1).

1.2. This declaration commences on gazettal.

1.3. This declaration sets out minimum system requirements for a 'restricted access system' pursuant to subclause 4(1) of Schedule 5 of the Broadcasting Services Act 1992 (the Act).

1.4. Pursuant to subclause 4(2) of Schedule 5 of the Act, in making this declaration, the Australian Broadcasting Authority

  • has had regard to the objective of protecting children from exposure to Internet content that is unsuitable for children; and
  • has been guided by the principles contained in subsection 4(3) of the Act concerning the regulation of Internet content hosted in Australia and Internet carriage services supplied to end-users in Australia.

2. Functions

2.1. A 'restricted access system' will be required, as a minimum, to perform the following functions:

Number Function Description
1. Registration The system will receive applications for registration, either in hard copy or electronically.
2. Qualification/validation The system will verify age. Upon verification of age, the system will allocate a personal identification number (PIN) or password to the applicant.
3. Access To gain access to Internet content subject to the system, the applicant will need to input in full the issued PIN or password. A registered user should not encounter Internet content that is likely to be classified 'R' until entered PIN or password has been verified.

3. Registration

3.1. A person will apply for registration with the system electronically, for example, via a website or email; or in hard copy form, for example, by letter or fax.

3.2. Application forms must specify data items that are mandatory and those that are 'optional'.

3.2.1. Mandatory data items for the electronic lodgement of an application are:

  • name of applicant;
  • declaration that applicant is 18 years of age or over; and either
  • credit card details; or
  • digital signature.

3.2.2. Mandatory data items for the lodgement of a hard copy application are:

  • name of applicant;
  • declaration that applicant is 18 years or over; and either • credit card details; or
  • evidence of age, for example, a copy of passport, birth certificate, driver's licence, senior's card or student card.

4. Qualification/validation

4.1. The system will 'qualify' an application for registration if all mandatory information requirements are provided.

4.2. The following rules will be used to invalidate an application:

  • if applicant has not declared that he/she is at least 18 years of age; or
  • if credit card details cannot be validated; or
  • if digital signature cannot be authenticated in the case of an electronic application; or
  • if evidence of age has not been produced in the case of a hard copy application.

4.3. Upon valid registration, a PIN or password is to be issued to the registered user. It should be a condition of use that the allocated PIN or password should not be passed on to a third person under the age of 18.

4.4. An allocated PIN or password can be changed if the user and/or system administrator suspects the integrity of the data is compromised.

5. Access

5.1. A registered user must input allocated PIN or password to gain access to any website subject to the system.

5.2. Access is to be denied if entered PIN or password does not match registered record of PIN or password.

6. System compliance

6.1. System compliance will be tested if the ABA receives a complaint about Internet content subject to the system.

7. Privacy and security requirements

7.1. The handling of personal information should comply with the privacy standards contained in the National Principles for the Fair Handling of Personal Information issued by the Federal Privacy Commissioner.

7.2. It is highly desirable that the electronic transfer of credit card information be protected with reasonable data security mechanisms. For example, the use of Secure Sockets Layer (SSL) in online registration processes.

What we do l What's new l Search l Publications l Contact us l Home

disclaimer and copyright notice