In a piece for the Washington Post “A booming industry of AI age scanners, aimed at children’s faces”, Drew Harwell opens by quoting an allegation that facial age estimation relies on ‘a style of surveillance that ranges “from ‘somewhat privacy violating’ to ‘authoritarian nightmare.’”’ But if the author understood the technology used for online age assurance – designed explicitly to allow users to prove their age without disclosing their identity – he would realize this assertion lacks credibility, and really does not merit inclusion in the reporting of a reputable newspaper.
Fundamentally, the article is flawed because it conflates two distinct processes. The first collects the training data required to enable artificial intelligence to learn how to estimate ages from a selfie. The second applies the resulting algorithms – with no use of that training data – to entirely anonymous images to estimate age Both elements require careful attention to guarantee data protection and security, but they are completely independent of one another, so should not be bundled together to concoct the perception of a risk which simply does not exist.
Let us start with the creation of training data, which is also required for testing the effectiveness of age estimation tools. The private sector does not have access to the enormous datasets that, for example, the National Institute of Standards and Technology (NIST) was able to draw upon when it wanted to test if age estimation worked. NIST is able to use images of people, with their associated ground-truth date of birth, from US borders, visa applications, and even mugshots.
But the private sector cannot use these datasets to train their age estimation algorithms, so it needs to gather its own diverse training data from thousands of people, but only needs an image and the month and year of birth. The data is therefore considered pseudonymized as it is never associated with the subject’s name, address or even their specific date of birth. When collecting new data to train algorithms, careful attention is paid to obtaining the correct legal consent, and extensive discussions have taken place with data protection regulators such as the UK’s Information Commissioner’s Office. To ensure the algorithms work well for all skin-tones, it is essential to ensure data is gathered from around the globe – so while the efforts to collect data in Africa are mentioned in the article, these will have been replicated across the globe..
This data is never published on the Internet. It is used offline, as machine learning technology looks to spot patterns which are common to people who share the same month and year of birth. So, the risk of this data being stolen is extremely low – zero if you exclude physical theft on a disk – particularly if compared to, say, personal information posted on a social media platform which has multiple access points to the worldwide web and is selectively disclosed to connected accounts, through searches etc.
And how sensitive is this training data? Well, it’s a photo and an approximate age. It is hard to think of what malevolent activities could be constructed with access to those two data points that could not be equally achieved from just a photo taken in a public place and a guess at someone’s rough age. That’s not to say it must not be carefully secured, but no-one should lose sleep simply because they’ve previously consented to being part of such a dataset.
So, the article’s concerns about “a massive collection of faces” from the creation of training data does not in practice “open the door to privacy risks” and certainly not “for anyone who uses the web.”
The author then moves on to the process of age estimation itself.
Except he does not. He switches to describing an age verification process – and one which is now obsolete within the age verification industry – where users “record a live ‘video selfie’ on their phone or webcam, often while holding up a government ID.” This, he states, is “so the AI can assess whether they’re old enough to enter” – but there is clearly no need for AI, as the user is already showing a government ID with their actual date of birth. This is not age estimation; it is age verification. Not understanding the difference between these two categories is a very basic error to find in a newspaper of record.
In fact, for this approach to age verification, nowadays the image of the ID is invariably captured separately. The data may even be read directly from the secure chip in the document by the user’s smartphone. The selfie is merely used to confirm that the user sharing that ID is actually the person to whom it belongs. This is a real-time comparison, so there is no need to store the image. In fact, age verification providers do not store or share either the image or data from the ID – we have long recognized the enormous risks of creating such central databases of personal data as a treasure trove, irresistible to hackers. So, we don’t need to keep that personal data ourselves. We just need to record the user’s age or even just their age-range e.g. 18+ and a unique username or equivalent, pseudonymous way to recognize the user if they need to prove their age again in the future. If you did hack the data, all you would get is a useless list of ages and code numbers that you could not associate with any individual.
But we digress. What of actual age estimations? Can they “boost the chances their personal data could be hacked, leaked or misused.” Well, first of all, the only personal data being used in this process is an image: no name; no address; not even a date of birth. Secondly, the image is analysed instantaneously. There is no need to retain it, any more than there is a need to keep a copy of the selfie or passport used in the AV process above. Retaining data is expensive and risky – so it makes no commercial sense, and is often illegal under data protection laws such as GDPR if it is not necessary.
The author eventually acknowledges that providers such as Yoti and Incode (both members of the AVPA) take privacy seriously, including by deleting images after a person’s face is analyzed, but that did not appear to influence the panic expressed in the earlier part of the article or impede the use of histrionic quotes.
Concerns about accessibility and inclusion are always worthy of attention, but have not been ignored by the age assurance industry. Re-usable age checks mean those who need assistance to complete the process need only get it once before using that check across multiple apps and websites; and a variety of methods, including those suitable for undocumented individuals such as estimation and professional vouching ensure age assurance is available to all. Age estimation is never used in isolation with no alternative – indeed GDPR and much novel legislation around the use of AI for profiling users requires the ability to correct erroneous conclusions.
Laying concerns that lawmakers could outlaw some free speech at the door of the age assurance industry is unfair. Those lawmakers can outlaw content whenever they wish, subject to the checks and balances of the constitution. Whether age assurance is involved is entirely irrelevant.
We are of course supporters of these tools but we do not, as the article assumes, “acknowledge that age checks could fuel a profound expansion in government oversight of online life”. They merely seek to apply the same norms to protect children that we have in the real world to our virtual existence. We would not allow our kids to go downtown and walk into bars, casinos and strip-clubs without an age check turning them away – so why would we not do the same online or in the metaverse where we spend an ever-increasing share of our time.
And what are the “intimate details of their lives” age assurances are alleged to require. A selfie that is anonymous and immediately deleted. (You can even keep your clothes on, so it is hardly intimate.) NIST would not have deemed this an important area in which to conduct regular benchmarking if it was concerned about such a risk to sensitive data, or if it did not think it was a worthwhile endeavour, of use to society.
NIST states in the Executive Summary to its report:
“Age assurance is the subject of recent legislation both inside and outside the United States. This has driven the need for age assurance methods to support applications such as verification that a person is above age 18, 21, or other key ages (e.g., for sale of alcohol or online access). While the mechanism for estimating age may not be specified in legislation, software-based face analysis is one potential approach supported by ubiquitous inexpensive cameras.”
The report also goes on to underline that “Age estimation can operate statelessly with no requirement for persistent storage of a photo or biometric data derived from it.”
It is also ignorant to argue that companies are unproven and unregulated – the AV industry began in Europe where strict data protection laws apply. And many are audited and certified against international standards by government approved auditors – a simple search for “certification of age estimation” links directly to the leading Conformity Assessment Body in the field, the Age Check Certification Scheme (ACCS).
As to providers being “unknown”, the Washington Post has kindly addressed that for three of our members, and the rest are listed on our website. Google operates facial age estimation, incidentally also certified by ACCS – hardly an unknown organization.
The author prays in aid the judge reviewing Indiana’s law requiring age verification for pornography. But it is clear that he misunderstood how age estimation would be applied in this particular use case. The test would not be set at 18 but rather several years older, perhaps 21, so the margin for error would still correctly exclude nearly every minor. For those who are then false negatives – old enough to access legally but who are estimated under the test age – they are always given alternative means to prove their age using verification methods. Age estimation is just a really simple and quick option that will work for almost anyone over 21, just as store owners oftentimes don’t ask customers who look over 35 for ID before selling them liquor.
The answer to fears users will go to unregulated sites are best addressed through enforcement. We do not give up carding people in the classy bars because the dive bars don’t bother. Regulators can be given powers to block access to sites, or more effectively, to require payment and other business critical services to be withdrawn from non-compliant platforms.
Costs are not prohibitive – Yoti’s published rates are quoted but a broader estimate of cost based on a survey across the industry by the UK government was 12 cents per check. This is usually only required when a user first accesses an age-restricted site, or perhaps renewed annually and the same Impact Assessment expected to fall due to tech and interoperability.
Although this is a competing approach to our own, we should still point out that asking device and app-store makers such as Apple and Google to do checks also does not create any central storehouse for data, as the author believes.
As we’ve already explained, sensitive pieces of information are never linked to people’s faces, as we know the risks of creating a honeypot for hackers, so we do not do it.
The VPN fallacy is then mentioned. To be clear, no single piece of legislation anywhere in the world has a clause stating “You must prevent kids in our jurisdiction from accessing porn online, unless they use a VPN in which case it’s fine.” There is no get-out-of-jail free card for the adult site howsoever a child connects to it – directly, with a VPN or using two paper cups and a piece of string.
There is another concession to the high standards of the age assurance industry in the article when it accepts that “liveness checks” cannot be easily defeated by AI generated deepfakes. We are not complacent about this and our members are permanently vigilant to attacks, while collectively we are participating in an initiative with leading academics at the Swiss research institution, Idiap, to continuously improve our defences.
Our mission is to make the Internet age-aware. That is a foundation for a safer online world. It allows us to keep predatory adults away from kids. It can prevent harmful content driving children to kill themselves, or become anorexic. There are of course costs and compromises required with many safety measures. Seatbelts are expensive components in cars, and can be annoying to wear on a hot day. Showing our ID every time we buy a bottle of wine, when otherwise we could just use a self-service checkout, is annoying. But children need no less protection online than they do in real life. The costs are minimal and falling further as technology improves. The risks are mitigated through innovations such as zero-knowledge proof and on-device processing.
The Washington Post article paints a very misleading picture, failing to understand the capabilities of the age assurance industry. If we can put a man on the moon, we can prove your age online without risking your privacy. There is a tsunami of new laws around the world requiring online age assurance because policy-makers have realized this is both necessary and feasible. This is an article which will not age well.
