AVPA responds to EFF report on age verification

As more U.S. states consider laws to require proof of age before accessing websites with a certain level of content considered harmful to children, the Electronic Frontier Foundation (EFF) issued a warning over the disappearance of online anonymity. The Age Verification Providers Association (AVPA), the sector’s global trade body, now responds to the EFF stance with its own take on the debate, countering that anonymity can be maintained.

“Age verification systems are surveillance systems,” opens the piece by EFF, a non-profit association and government watchdog advocating for civil liberties online, “Mandatory age verification, and with it, mandatory identity verification, is the wrong approach to protecting young people online. It would force websites to require visitors to prove their age by submitting information such as government-issued identification.”

The AVPA argues that “privacy-by-design through data minimisation has been a founding principle of the AV industry.” Members do not collect data on users, avoiding the creation of databases that could be hacked. Likewise at the websites themselves.

When the age of a user is established by the tech of an AVPA member, personal data used is deleted and the user anonymized.

The EFF article, by Jason Kelley and Adam Schwartz, uses French authorities’ assessment of age verification technologies as a basis for not using them at all. The AVPA counters that the Commission Nationale de l’Informatique et des Libertés (CNIL), the data regulator, is seeking a higher standard by attempting a double-blind cryptographic mechanism which would prevent an AV provider from knowing what sites a user has accessed.

In June 2022, CNIL presented a proof of concept of their approach where ‘challenges’ are generated. In February 2023 it released the tool and maintained its stance on other approaches, but still recommends the use of third-party age verification providers in the meantime. The Digital Minister promised the end of access by children to pornographic sites this year.

AVPA counters the EFF article’s take on facial analysis and facial recognition: “Facial recognition is not a feature of the age verification industry. Facial analysis for the purposes of estimating age does not use enough data to uniquely identify an individual, and in any case, is not retained once the estimate has been established, so there can be no question of it being used for recognition.”

It finds that papers cited by EFF are outdated and that biometrics can be used to make a decision about a person without identifying the person. It offers that German authorities have reviewed facial age estimation tech in depth and approved its methods even for the “most sensitive adult content.”

The AVPA recognizes that much of the development of AV has happened in Europe, in part due to the 2018 GDPR. It acknowledges that more work needs to be done to persuade people in markets such as the U.S. that rigorous testing and certification of AV tech, international standards and a Code of Conduct for the sector will ensure that anonymous age verification is possible.

The piece references the euCONSENT project to develop a reusable age verification tool for interoperable age verification across multiple sites. A further blog piece by the AVPA’s U.S.-based chief technical strategist explores how to ensure age assurance is accessible and inclusive.

Article Topics

age verification  |  AVPA  |  biometrics  |  double-blind age assurance  |  EFF  |  face biometrics  |  facial analysis  |  privacy  |  surveillance