Why requiring proof of ID to use social networking sites won’t work

I got a big laugh at WordCamp London when I showed the audience this tweet as an example of an “unhelpful intervention”.

The idea of being required to present proof of identification to use social networking sites is obviously a dystopian nightmare borne out of desperate political populism. Aside from that, though, the idea has already been proven – in the courts – to be a non-starter.

In 2013 the High Court of Justice in Northern Ireland handed down a judgement in a case known as HL (A Minor) v Facebook Incorporated & Ors. That link comes with a trigger warning: it is a dreadfully heartbreaking story. The case was filed by the father of a minor – HL in court parlance – who was twelve years old. For reasons which are not ours to know, HL was damaged to the point where she was actively and graphically procuring herself to men on Facebook. The judgement spelled out her story:

“It is suggested that she has been doing so vis-à-vis several different accounts with differing profile names. Both the Plaintiff and the school which she attends are readily identifiable. She belongs to a group with membership of some 63,000 persons who engage in this conduct. The Plaintiff is described as a particularly vulnerable young lady who is beyond parental control. She is the subject of an Interim Care Order. During the past two years she has continually absconded and has been found in circumstances where she has been consuming alcohol or drugs in older male company. She has also committed offences and has attempted suicide. From July 2012 to January 2013 she was the subject of a Secure Accommodation Order. She currently resides in a specialised unit, which appears to be a grade below secure accommodation. Her care plan requires all relevant agencies to actively prevent her from absconding or accessing mobile phones or the internet. This has been infringed on occasions.”

Twelve years old at the time of the court case; eleven years old at the time she was doing all that. Eleven.

Her father – desperate to find some way to get her under control – chose to blame Facebook. The case stated:

The gravamen of the Plaintiff’s case against Facebook is that it has failed to prevent access by her to this social network site. It is alleged that Facebook, while aware of the extreme risks to children such as this Plaintiff, has failed to require age and identity verification or express parental consent as a precondition to the registration of an account by children. While it is acknowledged that there is a monitoring system, this is condemned as inadequate. The pleading contains the following passage:

Facebook is content to request its members to tender credit cards for password verification and purchase of Facebook credits. It has further called upon members to verify their identity by way of birth certificate for formal government identification in certain instances. It is submitted that these identifying checks, alongside express parental consent, can and should be made a pre-requisite to membership.

The father tried to do this by requesting an an interim injunction requiring Facebook

“to undertake steps” to ensure that the age and identity of all members or users of Facebook.com within this jurisdiction, including the Plaintiff, are verified in advance of permitting access to the site.

In its deposition, Facebook told the court that

“It is not feasible for Facebook to verify the age and identity of each individual user…Facebook could not prevent an individual from lying or providing false documents or information. On top of this, such a procedure would categorically deny access to Facebook to millions of people and implicate privacy law concerns throughout the world…Facebook rejects the notion of broad censorship to prevent a single individual from creating a user account and profile.”

They also noted that each time they were alerted to the girl’s use of the social networking site through their own formal reporting mechanism, they disabled her accounts – four different ones over the course of a year. The judge took this into consideration; clearly, he said, there is a system that works when used properly, so why require every user of Facebook to act as if they are under suspicion? Extended to Facebook’s full membership base, the thought of Facebook holding a global database of one billion scanned birth certificates should give anyone cold chills.

The judge further noted that the way that the plaintiff filed his injunction made it impossible to enforce.

The Court will not order any Defendant, by the medium of an injunction, to “take all necessary steps” to do something or to “undertake steps” to like effect.

None of this changes the fact that minors do and will abuse Facebook, and that Facebook carries some responsibility for that beyond the constraints of its own terms and conditions. The issue is proportionality. The father was demanding that Facebook change the way it does business across the globe to prevent one person’s misuse of the site. That is not what the courts exist to do.

Furthermore, by requiring parental verification in addition to the ID verification, the implication is that two sets of official ID documents – the parent’s and the child’s – would have to be submitted at the same time. That would only prove the identities; it would not stop the unacceptable behaviour. Indeed, what good would parental account verification have done in this Scottish case, where it was the parents and family using Facebook to continue their abuse of an irreparably damaged child from a distance?

In further litigation the judge described an ID requirement for social media as carrying the risk of “being oppressive, overly time consuming and costly.”

HL’s story is heartbreaking but repairing her damaged soul could not – and never could – be achieved by requiring social networking sites to expand data collection activities on users. Any politician attempting to gain votes by suggesting that social media sites should demand a scanned copy of your birth certificate or drivers license as a prerequisite for use should, quite simply, be laughed out of the room.

About the author
Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development. She has been designing and developing web sites since 1997 and has been a professional web site designer since 2007. She holds a postgraduate certification in internet law and policy from the University of Strathclyde. Learn about hiring Heather to write, speak, or consult.