FB pixel

Age assurance demand spurs technical specifications from euCONSENT, Spain

AgeAware scheme proposes tokenized approach while Spain looks to W3C VCs
Age assurance demand spurs technical specifications from euCONSENT, Spain
 

Across Europe there is increasing consensus on a need for effective age assurance methods for adult content and services online. Free and open access to adult sexual content, in particular, is having proven negative impacts on the mental health and social skills of youth. But how to deploy a solution – moreover, the right solution? That question does not yet have a definitive answer, and major voices in the EU are weighing in.

New euConsent specification seeks feedback on AgeAware scheme

The euConsent project has announced the publication of a “detailed specification” of its age assurance scheme, AgeAware, for public consultation. According to a release, the upgraded online age verification scheme uses a token system built on the existing euConsent foundation to meet global requirements for privacy and security.

The technical specification describes a “digital ecosystem which will facilitate an open and competitive market for interoperable, device-based, double-blind privacy-preserving age assurance.” In publishing it, euConsent hopes to find a balance between the convenience of device-based age verification with the necessary accuracy, regulatory oversight and cost effectiveness.

The newly-branded Age Aware is a proof-of-age tool designed for the global marketplace, to “enable users to access age-restricted digital services anonymously and conveniently, without repeating an age assurance process each time.” Double-blind identity, listed as a key feature, makes it “impossible for the user’s identity to become known to the websites or apps they visit,” and “impossible for the age assurance provider to track which sites or apps a user visits.”

In brief, it works as follows: a user trying to access age-restricted content is directed to the AgeAware app to select an age verification provider and method, which does either an age verification or age estimation check. A successful check places a token on the user’s device, containing only the relevant age data, which they can enable for access to other age-restricted online content or services. It’s like a hotel keycard programmed with a level of clearance that allows entry into certain locked rooms, but is otherwise data neutral.

Finally, a tallying service counts costs, to make the platform commercially viable.

Another key feature of AgeAware is choice. “By giving users a wide range of choice about which method of age assurance to use, the maximum number of users should be able to secure an age check that can be used repeatedly without the need for specific evidence or frequent assistance.” Biometrics are in the stew as an option for authentication, the latter of which is listed as a pillar of the AgeAware ecosystem, along with trust, data security, anonymity and – a novel addition – environmental responsibility.

AgeAware is positioned to be a strong contender among preferred age assurance methods as eIDAS 2.0 becomes the norm – but euConsent stresses that, at this point, it is still primarily an idea. “The design at this stage has been deliberately kept as open and flexible as possible to allow for further industry and wider stakeholders engagement through the development process,” says the document. “There will be an iterative development process, applying agile techniques, expanding the detail of the design and incorporating feedback.”

Meanwhile, the euConsent membership (which includes the Age Verification Providers Association, the Age Check Certification Scheme, Yoti, VerifyMyAge and a number of academics and experts) is confident that it has a winner on its hands.

“We believe we have created a concept which is a hybrid of the many emerging technologies and approaches that have been put forward as the demand for age assurance grows along with more sophisticated requirements,” it says in the document’s conclusion.

Feedback on the specification is due by the end of September and can be submitted here.

Spain looks to verifiable credentials, cryptographic keys for age assurance

Spain’s digital administrator has released its own technical specification covering its new online age verification system, which a release says will use the W3C Verifiable Credentials (VCs) data model for limited disclosure.

Like euCONSENT’s document, the specification document from Spain’s Secretariat-General for Digital Administration lays out the model for “the communication protocol between the end-user mobile application and the content provider for verifying the age of majority,” which maintains the anonymity of the user. But unlike the tokenized approach being explored with AgeAware, Spain’s system is designed against a public trust framework that relies on whitelisting authorities and is built on digital wallet infrastructure, private-public key cryptography and decentralized identifiers (DIDs).

A release from the European Commission says Spain chose W3C VCs because they offer tamper-proof security, comply with signature schemes of the eIDAS regulation for secure digital transactions and ensure the provenance of information. Privacy, as embodied in the principles of data minimization and data sovereignty, is also listed a motivator, along with portability, in that “verifiable credentials can be seamlessly stored and linked to digital wallets and be presented when needed.”

In US, KOSPA age assurance effort faces constitutional hurdles

Across the pond, the Kids Online Safety and Privacy Act (KOSPA), recently passed in the Senate, proposes its own set of solutions to the ae verification question – but in a piece for Tech Policy titled “Why The Kids Online Safety Act Is So Hard To Love,” sometime online safety NGO exec Stephen Balkam asks, “why is this bill, now combined with a privacy bill and called the Kids Online Safety and Privacy Act (KOSPA) so problematic and challenging for many of us working in the online safety space?”

Staying firmly on the American brand, Balkam’s answer is a flurry of concerns about over-moderation and infringement on constitutional rights. “Philosophically and technically, there is a tension between safety and privacy,” Balkam writes. “Just to make matters more complex, we have the First Amendment.”

He further girds his argument with reference, ironically, to the EU: approaching age assurance “from the opposite direction is the idea, promoted in Europe, that children, too, have rights. This includes having some rights of privacy – even from their parents – as well as the right to seek out content and express themselves in a way their parents or teachers might not approve of.”

“All of this is to say that it’s complicated,” writes Balkam, “and made more so by the woeful lack of a federal privacy law for all users to which bills like KOSPA could be attached. We are also far behind most industrialized countries in conducting national research projects upon which to draft online safety legislation and education efforts.”

As the age assurance debate continues to churn and more solutions and technical specifications emerge – as they surely will – it is easy to buy into the final, exuberant statement from the European Commission’s press release: “The future of verification is just getting started!”

Related Posts

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Saudi Arabia’s Absher digital identity for financial inclusion and transactions

The Absher platform in the Kingdom of Saudi Arabia has emerged as the core pillar of the country’s efforts towards…

 

Malawi begins biometric voter registration pilot to test new system

A trial voter registration process will begin in Malawi tomorrow September 13 to put the country’s new Electoral Management Device…

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Google announces beta test for digital IDs based on biometrics and US passports

A new type of digital ID based on U.S. passports in Google Wallet has been introduced ahead of beta testing….

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events