Perhaps the most frequent concern raised about age verification is a risk to privacy. But the essence of age assurance is the ability to prove your age online WITHOUT disclosing your identity. Our industry would not exist were there not the absolute need to preserve anonymity online – our role could simply be performed by one of the many digital identity providers, or by uploading your passport to any adult-content site you visit.
So, how do we protect your privacy when we check your age?
Structural Safeguards
The fundamental answer is structural. Instead of you proving your age directly to an adult website, you do so to an independent third party which, once it has confirmed that a user is old enough, deletes any personal data used in that process, and simply answers “yes” or “no” to the question “Is this user 18 or older?”.
Legal Protection
In Europe, the General Data Protection Regulations (GDPR) make it a legal obligation to minimise the use of personal data, and apply “privacy-by-design” principles when setting up age assurance services. US states passing laws requiring age verification are generally including similar provisions to GDPR in those Bills, or referencing their existing state data protection laws such as the California Consumer Privacy Act so any age assurance service is legally required to delete personal data immediately after age has been checked, usually with very stiff financial penalties for not doing so. Not all solutions even require personal data to leave the user’s own device, but where it does, then the same level of security is applied as you find in banking or healthcare to meet these legal requirements for data security
Hacking
There is a maxim that the only non-hackable database is no database at all. Of course, measures such as encryption can defend against hackers, but we avoid relying on such technical defences as much as possible. So, we do not create any new central databases of personal data as part of the age verification process. Once a user’s age has been confirmed, any personal data (including any images or data derived from images) is deleted. Users may retain access to their proof of age, but this can be achieved with an anonymised username, or the data can be kept on their own device, accessible only with their own password, PIN or even a biometric password such as a fingerprint. There is no need to retain any personally identifiable information (PII) to provide age verification – and if there is no need, why risk storing it?
Audit and Certification
But as an industry, we recognise that we need to go further than simply obeying the law. So we have worked with leading experts from around the world to create international standards, such as the latest approved standard, IEEE 2089.1 and a soon to be agreed global standard, ISO 27566. Government approved auditors inspect providers’ systems against these standards, and provide certification that guarantee that data security, data privacy as well as the age checking measures themselves have all been rigorously tested.
Technological Measures
Above and beyond this, technology also facilitates additional options to provide further privacy protection. The French data protection authority, (DPA) the Commission nationale de l’informatique et des libertés (CNIL), developed a zero-knowledge proof approach, which uses modern encryption techniques to ensure that the age verification process is “double-blind.” A number of French providers are offering this option which makes it impossible for both the website and the age verification provider to know the identity of the user.
The Spanish DPA, Agencia Española de Protección de Datos (AEPD) recently built three prototypes for device-based AV apps which will allow the whole AV process to be conducted locally, without any personal data leaving the user’s smartphone or games console.
The age verification industry has agreed to incorporate these recent innovations into its global standards – and is implementing the through a non-profit NGO based in Belgium – euCONSENT ASBL (with funding from Safe Online).
Combatting Phishing
There are those who worry that age assurance could become a focus for phishing attempts. Of course, this is a risk for many industries online, and we take it as seriously as banks and healthcare companies. But there are some built-in measures that mitigate the risk. Usually, users will be referred to an age verification provider by the site they wish to visit, and for many this is likely to be a major social media platform or other reputable site which has done careful due diligence on its business partners. Even leading adult content websites take the risk of data breaches seriously, knowing that any data breach could destroy their business overnight.
As interoperability is now rolled out into live operation, then to join the network that facilitates this, regular audits will be required; fake sites will not be able to join such a network. Users can also check the credentials of a provider through the auditors’ published registry of certified suppliers, and use the links provided there to check they are using the legitimate provider.
Alternatives to Age Verification…
An alternative option popular with users is facial age estimation. This uses machine learning technology to estimate a user’s age based on a digital map of their face. This is not facial recognition – indeed, the amount of data required to identify someone is far greater than the amount used to estimate age, and of course the digital map is deleted as soon as an estimate has been made. The leading providers have been tested to show an average estimate within 1 ½ years of the real age. For this reason, it is generally used for people who are somewhat over the minimum age who, for example, appear to the software to be over 21, so we can be very confident they are, in fact, at least 18. This is essentially what every member of door staff does when they see someone who looks middle aged or older to them; they let them in without asking for ID because if they look that old, there’s very little chance they are in fact under the legal drinking age. And as this technology develops, not only is accuracy improving all the time, but the amount of data and processing power has shrunk to the point the whole exercise can be done on the user’s smartphone, so they need not even send their image to be analysed by the AV provider’s own systems. Users who are only a year or two older than a legal minimum age will probably still need to use a conventional age verification option (as will anyone who prefers not to use this method for any reason) but for the majority of older adults, this is a really convenient choice.
Summary
The mission of the age verification sector is to make the Internet age-aware – not identity-aware. Anonymity is at the heart of what we do. When we show our drivers’ license at the door of a bar, we’re actually sharing a lot more personal information than just the fact we are old enough to enter. Staff may even photograph the ID for their compliance records – complete with name, date of birth and address. Online we do not need to be so revealing – technology is more than clever enough to prove our age without disclosing any other aspects of our identity beyond the fact we are “older than x”.
If we can put a man on the moon, then it’s not rocket science to verify your age online in a way that fully guarantees your privacy.