“The CNIL [the French data protection commission] has analysed several existing solutions for online age verification, checking whether they have the following properties: sufficiently reliable verification, complete coverage of the population and respect for the protection of individuals’ data and privacy and their security. The CNIL finds that there is currently no solution that satisfactorily meets these three requirements. […] The CNIL deems it urgent that more effective, reliable and privacy-friendly devices be proposed and regulated as soon as possible,” the Commission stated in a report published last September.
Why does this matter: Mandatory age verification is increasingly becoming the norm for many online services due to regulations. For example, India’s proposed data protection bill requires all websites that collect or process any personal data to verify the age of the user, and if the user is below the age of 18, the company will have to comply with additional obligations such as getting parental consent, not profiling the child for targeted advertising, etc. But the main criticism of this proposal is that, in many cases, it requires a company to collect more data from a user than they would normally collect, hence becoming an issue for privacy and personal data protection. The CNIL report suggests that we need more privacy-preserving solutions before making age verification mandatory across the board.
What are the current age verification solutions?
The CNIL report gives a summary of six different age verification solutions used at present and what the issues with these solutions are. While the report suggests that we need new and better solutions, it also outlines measures that can be incorporated in the interim to mitigate privacy concerns in the existing solutions.
1. Age verification through payment card validation
- How it works: Many services validate a payment card to verify that a user is old enough. It can be used even when a payment is not required (free sites) because it depends on verifying the card’s validity, not on an actual payment. “Age verification through payment card has the advantage of relying only on already deployed and proven infrastructures,” CNIL noted.
- What are some issues: As you might’ve guessed, this is not the best option to verify age. “This type of verification is circumventable (since minors may be in possession of payment cards enabling them to make purchases on the Internet) and not accessible to all (since adults may not have such a card, notably because of social discrimination, given the differences in access to a credit card according to income),” CNIL explained. But it can be used “to protect the youngest children (up to about the age of 10-11 years), who cannot have a bank card for online payments and for whom the likelihood of using a third party’s card is the lowest,” CNIL added.
- How to improve this solution: “On the one hand, such an age verification system should, in principle, not be implemented directly by the data controller (i.e., the website visited) but by an independent third party. On the other hand, the systems put in place should ensure the security of the verification, in order to prevent the risks of phishing that will be associated with it. It is therefore important to ensure that payment information is entered on trusted sites. If this solution is chosen, it would be advisable for website publishers and solution providers to launch a parallel campaign to raise awareness of the risks of phishing, particularly taking into account this new practice,” CNIL recommended.
2. Age verification through an estimate based on facial analysis
- How it works: This solution estimates age by analysing the facial features of the user. “In order to prevent young people accessing an adults-only service, this type of estimate is often sufficient, as the margin of error is concentrated on minors and minors close to 18 years of age or young adults and adults,” CNIL stated.
- What are some issues: “The use of such systems, because of their intrusive aspect (access to the camera on the user’s device during an initial enrolment with a third party, or a one-off verification by the same third party, which may be the source of blackmail via the webcam when accessing a pornographic site is requested), as well as because of the margin of error inherent in any statistical evaluation, should imperatively be conditional upon compliance with operating, reliability and performance standards. Such requirements should be independently verified,” CNIL explained.
- How to improve this solution: “To limit the risk of video capture and possible blackmail, age verification solutions using facial analysis should be certified and deployed by a trusted third party in accordance with precise specifications,” CNIL recommended. “An age estimate performed locally on the user’s terminal should be preferred in order to minimise the risk of data leakage. In the absence of such a framework, this method should not be deployed,” the Commission added.
3. The offline verification system
- How it works: This interesting solution involves selling “scratch cards” to adult individuals only, “allowing them to retrieve a login identifier and password that would give them access to age-restricted content. Such cards would be offered in certain sales outlets, such as supermarkets or tobacco shops, whose staff already carry out age verifications in connection with the sale of alcohol, cigarettes and gambling,” CNIL explained.
- What are some issues: This cannot be deployed for pornographic sites, “as it could be stigmatising for the individual concerned” and the other limitation of such a system “would be the same as for the purchase of cigarettes or alcohol, namely fraud by reselling cards on a parallel market.”
- How to improve this solution: “All age-restricted activities should be associated with it, and this model should be promoted by a diverse community of publishers (purchases of regulated products, pornography, etc.),” in order to prevent any stigmatisation that arises from only porn sites using this method. Also, “specific governance, with an authority issuing the cards and managing the authentication systems,” should be set up, CNIL recommended.
4. Age verification through an analysis of identity documentation
- How it works: A third party may collect and analyse an identity document provided by a user and confirm to the online service that the user is above a certain age. Some systems also compare the photograph in the identity document provided with a live photo or video provided by the user.
- What are some issues: “Such a system is easily circumvented by using another person’s identity document if only a copy of the document is needed (possibility of using a document of another individual who is an adult, even within the household). This system is, therefore, both unreliable and not very respectful of personal data, as it requires the collection and processing of official proof of identity in order to function,” CNIL observed.
- How to improve this solution: The second option of comparing an identity photo with a live photo is “much more reliable and is also used for identity verification according to the ANSSI’s PVID standard,” CNIL noted. The PVID standard is adopted by many European companies as the baseline standard for identity verification. But since this involves processing biometric data, “it is necessary to set up a certification (or labelling) body that will make it possible to verify that the necessary guarantees for the collection and analysis of identity documentation are in place,” CNIL recommended.
5. The use of central government-provided tools to verify identity and age
- How it works: This involves services accessing public databases or authentication systems set up by the government to verify age.
- What are some issues: “This method does not therefore appear satisfactory, since it would lead the central government to have a list of connections of a purely private nature. Moreover, with regard to the consultation of pornographic sites, the use of such systems would lead to a risk of associating an official identity with private information and an assumed sexual orientation,” CNIL stated.
- How to improve this solution: “The connection of an attribute management service operated by a trusted third party to central government identity systems could be considered,” CNIL recommended.
6. Inferential age verification systems
- How it works: There are a number of ways age can be inferred. For example, importing and inferring age from the individual’s browsing history, having the user fill out a questionnaire and judging maturity from the answers, analysing the behaviour of the user on other platforms owned by the same company, etc.
- What are some issues: Inferential solutions have a number of issues. For example, importing browser history is intrusive, the questionnaire method has a high possibility of circumvention as responses can be shared online and this method can also have biases as “a part of the population could be discriminated against on the basis of their skills (reading, comprehension), their level of language proficiency, their cultural references, etc.” The third example can “only be used by a small number of services that already collect a lot of browsing data,” CNIL noted.
- How to improve this solution: CNIL recommended that analysis of browsing on the site publisher’s own services (particularly the major digital platforms) can be used, subject to the following measures: the service should use existing data it collects and not collect additional data for the sole purpose of building this model, the method should only be used for initial assessment of age and not for a final automated decision, and “the inference system should be evaluated by an independent third party, in order to limit its risks.”
A model for a privacy-friendly age verification system
In its report, CNIL demonstrated the feasibility of a privacy-friendly, yet reliable, age verification system based on a secure protocol using “zero-knowledge proofs.” You can access a full demo of the solution here, but essentially the system involves a trusted third-party actor and works in the following manner:
Essentially, this system prevents:
- “the third party transmitting the proof of age from being aware of the site visited;
- the site visited from knowing the provider of the proof of age.”
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.