The Weekly Cybers #85
Vibe-based guidelines for Australia’s social media age restrictions, Kmart slapped over facial recognition, a $92,000 tweet, and more.
19 September 2025
Welcome
Right, we’re back. Sorry there wasn’t an edition last Friday, but I really did have the dreaded lurgi. I’m much better now, thanks for asking.
Since then the news has been dominated — again! — by Australia’s social media age restrictions. I’m continuing cover them in some details because they do affect every Australian, despite that the eSafety Commissioner may say.
They also illustrate the government’s approach to digital policy development, and it’s not a pretty sight.
There’s also been a lot about that assassination and the subsequent online frothing, but that’s a little outside the scope of this newsletter. At least for now.
At some point I’m hoping to write at more length about the government’s changing attitudes to AI, but that will have to wait for another time.
Social media age restrictions softer than imagined
This week the eSafety Commissioner, Julie Inman Grant, published Regulatory Guidance (PDF) for the social media age restrictions which come into force on 10 December — just 11 and a bit weeks away.
Overall, the vibe is that it’s pretty vibes-based. There’s no legally enforceable effectiveness standard, no need to verify the age of every user, and a belief that social media platforms can do magical age assurance using data they already hold.
“They can target us with deadly precision when it comes to advertising, certainly they can do this around the age of a child,” Inman Grant said.
This is common false belief: If one complicated thing can be done with technology, then some other complicated thing can also be done.
How the logic of age assurance rhetoric fails
Inman Grant said that social media firms were using “scare tactics” when they said everyone would need to have their age checked. Your writer has also said this, and it aligns with pervious comments by officials.
It also aligns with the basic logic of the situation. If you want to ensure no one under 16 is on the platform, you have to check — using the everyday meaning of the word — that everyone is 16 or older.
Whether you do that by age verification (using ID), by age estimation (using biometrics), or age inference (looking at a user’s behaviour or simply noting that their account has been open for more than 16 years) — the latter two are often grouped together as “age assurance” — you’re still checking.
There’s also a problem with Inman Grant’s encouragement for platforms to use a “multi-layered, waterfall approach”, by which she presumably means that if one method fails a user can try another, and her final proviso.
“The provision of government ID can never be the sole or final choice — there must always be alternatives,” she said.
But age assurance technologies have a substantial error rate. If they fail, then for a significant number of users their government ID is the only option left.
I guess we’ll square that circle when we get to it.
Does age assurance technology even work well enough?
There’s a strong argument for the conclusion that age estimation systems simply don’t work as advertised. Indeed, the tools are least accurate in precisely the age range they need to work, according to a Guardian analysis of the tech trial data.
“[The tools] might be good enough to distinguish between a 16-year-old and a 30-year-old, but they certainly are not good enough to distinguish between a 16-year-old and a 15, 14, or indeed 17-year-old,” says Prof Tama Leaver from Curtin University.
“The trial data shows false positive rates (where a person has falsely been predicted to exceed the age requirement) of between 25% and 73% for kids under 16. It is only when someone’s actual age is 18 or higher that the error rate generally falls below 5%.”
The technology also shows racial biases, the Guardian reported, with young people from Indigenous and Asian backgrounds being more likely to be miscategorised.
Wippa and Albo are going global
It’s worth remembering that much of the push for the age restrictions came from a radio presenter, Nova’s Michael “Wippa” Wipfli, as well as state premiers who’d been influenced by the somewhat discredited book The Anxious Generation, and a group off parents whose kids had succumbed to bullying.
The call was amplified by News Corporation outlets, who have their own reasons for their relentless negativity towards the online giants.
To be clear, young people do indeed experience problems online. But the speed and scope of the government’s reaction have reeked of “Something much be done. This is something. Therefore this must be done”. The recent softening of their approach would seem to highlight this.
Nevertheless, Wippa has been crowing about this victory, and next week he’ll join prime minister Anthony Albanese at the United Nations to promote the ban.
Wippa told Nine’s Today that this opportunity to bring the age restriction to a global audience “should be a real moment of national pride for Australia”.
Roblox to lock down accounts for under-16s
The eSafety Commissioner scored a great announceable this week with the news that Roblox, a game with around 79 million players globally every day, will be introducing locked-down accounts for under-16s.
The measures including making account private by default — although why that isn’t the case for everyone is an interesting question — and giving parents the power to disable chat.
Voice chat will not be permitted between adults and children aged 13 to 15, and in theory no one under 13 is using the service.
A few days earlier the New York Times had reported on the case of Roblox user Ethan Dallas, whose years-long experience on the platform led to deadly abuse (gift link).
Coalition wants to review the eSafety Commissioner
As The Mandarin reports, the Coalition is calling for a root and branch review of the powers of the e-Safety commissioner, Julie Inman Grant.
“The world is a very different place now. She has extraordinary powers. She’s just released another six codes. There doesn’t seem to be much transparency in the decision-making behind codes,” the shadow minister for communications Melissa McIntosh told Canberra radio 2CC last week.
“And I think it’s a fair question to ask, ‘Well, is her role fit for purpose? Should she have this much power over our country, including adults? And let’s look into it a bit deeper.”
IF YOU FIND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip. Or you might like to support my current crowdfunding campaign, The 9pm Spring Series 2025, which ends this coming Thursday 25 September. Please consider.
Also in the news
- Kmart Australia’s use of facial recognition, purportedly to reduce refund fraud, was ruled to have breached the privacymod hundreds of thousands of people over a two-year period. That this period was way back in 2020–2022 highlights to poor resourcing of the Office of the Australian Information Commissioner (OAIC). The Conversation has some analysis.
- The Coalition has appointed Tasmanian Senator Claire Chandler as shadow minster for science and cybersecurity.
- The Australian Communications and Media Authority (ACMA) says that platforms are removing less disinformation content (PDF), at least to the end of 2024, although some say this is down to “advancements in operational and moderation capabilities”.
- Brittany Higgins’ husband David Sharaz will have to pay $92,000 for a tweet that defamed former defence minister Linda Reynolds.
- The University of NSW Sydney has signed Australia’s biggest ChatGPT Edu deal with OpenAI, which includes 10,000 licenses.
NEW PODCAST: I chat about conspiracy theories in Australia in The 9pm Conspiracy Nation with Ariel Bogle and Cam Wilson, authors of the book titled, you guess it, Conspiracy Nation. Look for “The 9pm Edict” in your podcast app of choice.
Elsewhere
- ChatGPT will develop an age-prediction system, following the death of a 16-year-old who’d spent months talking to the chatbot.
- Russian state TV has launched an AI-generated news satire program.
- From The Australian Strategic Policy Institute, a report on the criminal scam industry in Myanmar.
Inquiries of note
Nothing new today.
What’s next?
Parliament is currently on a break until 7 October, when the House of Representatives returns and Senate Estimates hearings are held. That’s 18 days from now.
DOES SOMETHING IN THE EMAIL LOOK WRONG? Let me know. If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber security newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.