I like the spirit but wouldn't this run afoul of one or two laws? Identity fraud or some such?
I'm not in the UK, so I don't have any idea about their laws, but I'd be shocked to find this was above board. Your FAQ claims it's a parody site and claims "The ID number isn't valid and you can't use the card for anything real." but you've just confirmed here it can indeed be used for real things (discord, reddit).
Your domain registration is UK-based, so, be careful!
It's certainly illegal to make fake IDs, but I don't know if that applies to just generating an image rather than fully forging a physical copy. And anyway these images look nothing like the real IDs: https://en.wikipedia.org/wiki/Driving_licence_in_the_United_...
Hmm, yeah. It’s almost as if they deliberately made them look less like the real ID’s, because I have little doubt that openai would be perfectly capable of generating that image.
Another thing to think about is that this is just passthrough from an AI model. If it's illegal to make a website that spits out fake IDs, then OpenAI is illegal until they filter them.
I'm not sure that argument would hold up legally. You could use an image editing site to create IDs and counterfeit currency as well, but such sites are legal.
This is only for images of money with a specific digital watermark; it doesn't detect the EURion constellation, so you can take your own and work with it just fine.
True but the wording of the act actually places the onus on the service provider to verify the identities, not on the user to give them. It would be Discord in this case having to make the legal defence.
>It would be Discord in this case having to make the legal defence.
There's no rule that only 1 entity can get in trouble.
If I use a fake ID to by smokes while underage, I will definitely get in trouble for that and the store that sold me the smokes may also get in trouble (depending on how realistic the ID is, etc.). If the provider of my fake ID is found, they also get in trouble.
I haven't yet heard a compelling argument why this website (who, in the analogous scenario above, would be the fake ID provider) would not be subject to the same logic.
I hope that the defense of "this is a satirical website" is strong enough (or preferably, it never even has to be put to the test), however given what I've gathered about the general attitude UK legislators have regarding the internet, I think it is more likely that they would do anything in their power to try and punish someone operating a site like this.
Law often focus on intent. I am not sure if identity fraud can be applied if the person are not gaining anything (assuming they are of the right age). Service providers might be of fault if their verification practices are not compliant with regulations, but I don't know if the law puts any requirements on users to verify their identity.
To me this seems more similar to a people participating in a masquerade or comedian who dress themselves in the likeness of a politician. They are using the identity of the politician, but not in the way that identity fraud is intended to prevent.
Domain registration is an interesting example. To my knowledge, falsifying domain registration data is not a crime. Domain registrars have regulations to verify the identity of customers, including the recourse to suspend a domain if the data is incorrect. I could see a case if a person impersonate a politician in order to falsely attribute content of a website, under a registered domain name, as belonging/sanctioned by that politician, but that would likely fall under defamation laws. The crime could also be identity fraud, but the intent would be defamation.
>Service providers might be of fault if their verification practices are not compliant with regulations, but I don't know if the law puts any requirements on users to verify their identity.
As I mentioned in another comment, I've heard no compelling argument that differentiates between this scenario (e.g. kid uses this site to access a nsfw subreddit) and an underage kid buying smokes with a fake ID.
In that scenario, the police don't just pick 1 entity to punish. The kid gets in trouble, the store (most likely) gets in trouble, and (if found) the fake ID supplier gets in trouble.
In the end, I hope that the owner of the website never has to find out exactly where and how the laws shake out, and that "it's a satirical website" is a strong enough defense. But from my armchair, I would suspect that the UK police/legislators would not look favorably on the "it's satire" defense. Especially because of this post which advertises that the fake ID works for some services, and there are under-18s on HN.
>Law often focus on intent.
I would expect that advertising that the IDs work on real services undermines any defense of "my intent was satire".
In the case of the underage kid, they are actually gaining something by using a fake ID to buy smokes for which they otherwise would not be able to buy. The situation that the website is promoting would be if the kid used an ID of an other underage kid, for which they would be equally denied to buy smokes with. The outcome (and intent) need to be one where the user do not gain anything practical.
I work at a domain registrar and I have yet to here anyone talking about criminal punishment for false registration data. I have also never heard about any one being charged for filling in the wrong phone or email address when signing up for a service or membership.
Looking at my local laws here in Sweden, the law text for identity fraud explicitly requires that the use of something else identity must result in some for of direct harm to the person. UK law could be different, but I have yet to hear something to indicate this.
>In the case of the underage kid, they are actually gaining something by using a fake ID to buy smokes for which they otherwise would not be able to buy.
The scenario I was comparing is an underage kid visiting this website, generating an ID, and accessing content that would otherwise be illegal for them to access by using the fake ID. In this scenario, everyone (potentially) would be in trouble, not just the website verifying the ID, just like an underage kid buying smokes with a fake ID.
The reason I mentioned domain registration was not because it is illegal to register a domain or anything of that sort. I mentioned it because it suggests the website owner is based in the UK, which is easy pickings for the UK government to pursue (if they choose to). If the website owner was based in Malaysia, it would be significantly harder for the UK to pursue any legal recourse against them (if they choose to).
What does the online safety act actually say about this? It's only supposed to be age verification, and if you are actually old enough does it matter how you proved it?
Many of the age verification services explicitly promise not to retain photos!
As I understand it, Wikipedia are seeking judicial review of OFCOM's placing them in category 1, which requires the most stringent checks including identity.
The generated addresses aren't real. It gave a London address for my MP; I know where he lives and it isn't London.
Most MPs' home addresses are actually quite easy to find. Mine's was printed below his name on the ballot paper last election – a nice reminder of how we used to have a high-trust society. I doubt this practice will be continued for much longer.
>The only way you'd ever get found out is if the affected MP was lying to the public and the identity documents do indeed get retained...
I'm more talking about the developer of the site rather than the users. And the developer could potentially be found out if they posted it on a popular hacking website and used a known alias and registered the domain in the UK.
But, if they're comfortable, all the more power to them. As I said, I do really like the spirit of the site.
If I was that developer, I'd blacklist embedding of all British MPs and councilors to avoid fraud. This would also block the entire UK political class from accessing adult materials (I got blocked by a wine forum), which would be a very effective protest...
> I like the spirit but wouldn't this run afoul of one or two laws? Identity fraud or some such?
I would say not, but then again I'm no lawyer.
There's plausible deniability in that there's a big "this is satire" watermark on top of the licence. The DOB in part 3 is wrong, and the driver number in part 5 is modified to include the 5 letters of the surname, but is otherwise incorrect. The DOB encoded in the licence number doesn't even match the wrong DOB in part 3 either.
If anything accepts this as valid ID, then it just shows how farcical the system is.
I agree, the UK Police wouldn't typically let you get away with "it's just a joke". This would constitute a mixture of identity theft, fake ID and misuse of computers.
It's literally just sticking the MPs name into an AI and asking for it to generate a mock ID for them. None of their real data is being used (e.g. their face, their DoB, the address) and the mock IDs wouldn't fool anyone for a second. I'd love if someone who understands the law would weigh in though
We hold that LLMs are incapable of generating copyrighted images, so it's not just a tool - if it was just a tool then the author would be able to copyright the images. The courts recognise that an LLM is capable of generating things in its own right (which is why they're not copyrightable - copyrights only protect human works).
So it follows that an LLM must be able to create images itself, separate from the human prompter.
Whether that's enough to absolve the human of the crime, though - IANAL, and I suspect it would take the House of Lords to rule on it definitively.
You're overthinking it. You're building on your own definition of what a tool is, but courts are likely to find that a person who used an AI with a specific type of prompt were using it as a tool and are responsible for the clearly stated intent behind their use.
Whether that's actually legal in this case I don't know, but I'm pretty sure courts won't conclude "welp, it was the AI, not the user" in a case like this.
Yeah, probably you're right. Though it is an interesting thing to overthink - we have decided that LLMs are not tools for copyright but are tools for accountability. At some point they'll get smart enough to be accountable, and what happens then?
the law is pretty fickle that way. It's illegal to rob a bank no matter how badly you bungle it. Saying afterwards "but my gun was clearly made of plastic" probably won't get you completely off the hook if you actually threatened someone with it and asked for money (this site is literally titled Use Your Local MP's ID - it's expressing an intent).
Does the AI has access to newspapers? If John Doe is a MP, then he is probably the most famous Joe Doe in the last 5 years and the AI may grab his photo from a newspaper. I don't know about the national ID in UK, but here in Argentina the national ID number is public. A lot of public documents include "John Doe (DNI 23.456.789)", and the are sites where you can search it (the DB has problems with almost coalitions, so you may get a number 23.456.789 from one "John X. Doe" that is a 50yo in Buenos Aires and another "John Y. Doe" with number 59.876.653 that is a 3yo in Ushuaia, so in many cases it's easy to guess)
I wasn’t jesting. I was (too) obliquely saying that when we all hasten to accede to the autocrats before they even ask, we become complicit in huge social evils.
I’m not suggesting that everyone most do self-immolation, but if it were me, I would draw the line at being afraid of being “caught” for an obvious prank using no PII. Screw that, come arrest me if things have really gotten that bad.
I'm not in the UK, so I don't have any idea about their laws, but I'd be shocked to find this was above board. Your FAQ claims it's a parody site and claims "The ID number isn't valid and you can't use the card for anything real." but you've just confirmed here it can indeed be used for real things (discord, reddit).
Your domain registration is UK-based, so, be careful!