Internet age verification is not possible. Nor will it ever be. In truth, you can guess who I am but you have no proof. I can tell you there’s no gun to my head, but you’re not entirely sure.
Wanting age verification technology is mental illness. Because age verification is inextricably tied up with identity verification. In person, forgeries aside, it’s fairly easy to guess who I am. But online, there’s millions upon millions of points of failure. A basic example, just last month my blog was hacked and stuffed with links to pharmaceutical products, and I’m still suffering the aftermath of that attack, my most reputable and oldest website now ranked very low.
Tagging humans like cattle would be horrifying, but even that wouldn’t work. Such tags would be easy to crack, spoof, intercept, at the point of origin, in transit, etc. Same for fingerprint/retina scans, implants, or whatever sick device you can imagine. There will never be a “good enough” solution. That’s common sense. But apparently there are politicians lacking in that department.
Which is why this issue concerns me. So I sought out an expert in this area, Anne Collier. I emailed her to ask where she stands on age verification. This is her reply:
I first wrote about youth age verification back in 2006. My understanding of why it wouldn’t work is more on the policy, rather than the technology, side of things – I’d like to get more input from you on the technical problems involved. As I see it, age verification would seriously jeopardize minors’ privacy – their personal information, which is highly attractive to identity thieves, someone at the FTC told me. There’s a good reason why federal law protects minors’ privacy.
But how would verification be a privacy risk? Verification technology needs a database of personal information to check against. There is no such thing in our country – no national database – of minors’ personal info. Some states – I’m told about two-thirds of them – have databases of drivers license info, but they’re obviously not national, and they obviously only contain info on people 16+, so they’re obviously not useful to a social-networking site whose Terms of Service accept registrants who are 13+ or 14+. Even if there were a national database of personal info for people 13+, the most popular social-networking sites have international user bases, so how would even a national database serve effective age verification? If a teenager in New Zealand or South Africa signs up, is s/he automatically suspect or barred because s/he’s not in the US database of 13-to-17-year-olds? One of the biggest concerns, though, is what would happen if someone at the DOJ with that database on his/her laptop somehow leaves it on the Metro? Or someone breaks into a car and steals the laptop? Or someone hacks into the database in the workplace? That kind of thing happened in the UK last year, compromising the security of the personal data of more than 25 million people.
The US’s attorneys general are calling for age verification as if it’s just a technology problem – at least that’s how they’re presenting it publicly. It’s not a technology problem. It’s really about children’s privacy rights and civil liberties. It’s also not a domestic problem. Nothing involving the Internet can have a truly effective solution in national law. That’s my best answer at the moment – what am I missing?
All best,
Anne
Here are other items I’ve written on age verification.