Meta lobbies Canada’s government to put age assurance at the app store level

Meta is trying to get ahead of the age assurance debate in Canada, with a pitch to the government in favor of age assurance at the app store level, rather than on individual platforms like Facebook and Instagram.

A report from the Canadian Press says Meta has been lobbying the federal government to “include the concept in upcoming legislation that deals with online safety issues.”

According to Meta Canada director of public policy Rachel Curran, the company believes age assurance at the app store level “is by far the most effective, privacy-protective, efficient way to determine a user’s age.”

Meta, of course, believes this because it is convenient for the company, in that it puts liability for age verification requirements on another party – specifically, either Apple or Google. (The adult content industry has pushed for the same.)

Google has called out Meta on its bad faith; Kareem Ghanem, senior director of government affairs and public policy at Google, accuses the company of consistently “advancing policy proposals that demonstrate more interest in shifting responsibility than in taking responsibility.”

“Time and time again, all over the world, you’ve seen them push forward proposals that would have app stores change their practices and do something new without any change by Meta.”

This is demonstrably true. Having found its platforms hit with age assurance requirements in Australia, and with similar legislation brewing in the EU and U.S., Meta has enlisted Silicon Valley legal lobby, NetChoice, to wage an incessant campaign of lawsuits and complaints in opposition. Since it can’t outright say the truth – which is that it would prefer to not have to deal with age check legislation at all, because CEO Mark Zuckerberg believes he should be able to do whatever he wants – the company has leaned into the argument that app stores are where age verification should occur.

“That would allow us, along with all of the other apps that kids are using, to make sure users are placed in appropriate experiences for their age,” says Curran. Meta says it has received a positive response from Canada’s federal government, which is in the midst of crafting legislation that aims to address online sexual exploitation and extortion, and the growing risks associated with large language model (LLM)-based chatbots.

Google’s Ghanem, on the other hand, notes that the idea Meta is pitching in Canada has been rejected by 16 U.S. states and the EU, and asks, what about all the other apps kids use that don’t need to know their age? Because Google has its own interests, and its own litigation engine.

The back and forth continues, stirring the pot to cloud the soup. Such is the way of massive corporations that have made it their mission to push at the seams of what’s tolerable for society.

As with digital identity in the larger sense, trust is a key factor in establishing a vital sector for privacy preserving age checks; Meta, as is its wont, is determined to undermine that trust to protect its own interests, muddying the debate with specious assertions and billions of dollars in legal funds. As long as Meta operates, age verification will have a persistent, powerful and disingenuous opponent.

AVPA breaks down interoperable age check options

Meanwhile, the industry continues working to try and parse all the different options for age assurance emerging as online safety laws sweep the globe. The Age Verification Providers Association (AVPA) has published an explainer on interoperable age assurance, which makes a single initial age check valid across networks.

AVPA identifies five major contenders in the interoperable arena: the Apple App Store, Google Wallet, the EU’s age verification blueprint, the OpenAge Initiative from k-ID, and AgeAware from euCONSENT ASBL.

Apple’s Declared Age Range API skews more toward parental controls than an age assurance product as defined by international standards. And with Google Wallet, “Google has taken the role of facilitator, not verifier, enabling age information contained in credentials stored in its digital wallet to be shared by the user with apps and websites” through a zero-knowledge proof (ZKP).

The EU Age Verification App (which surely needs a better name) is the European Commission’s government-led white label solution, which uses verifiable credentials issued under the eIDAS 2.0 trust framework.

OpenAge is the new system run through compliance provider k-ID, which adapts the passkey model for its AgeKey, an encrypted verification stored on a user’s phone that can be reused across a participating platform.

And AgeAware is the system developed by the euCONSENT ABL nonprofit consortium (of which AVPA is a member), which unites some of the UK’s largest age assurance companies and academic institutions. Rather than a “key,” AgeAwage uses an initial verification to generate a token, which can be reused across participating providers.

Both Open Age and AgeAware offer double-blind protection, meaning the issuer doesn’t know what a user is doing with their proof of age token, and the relying party only gets to know whether a user is old enough to enter, nothing more.

AVPA’s post also has a chart comparing the various options and their features, and says ultimately, “more than one interoperability solution is likely to emerge as successful, just as there are multiple global networks in the payments industry.”

Article Topics

age verification  |  app store age verification  |  AVPA  |  Canada  |  device-based age verification  |  Google  |  legislation  |  Meta  |  social media