Today’s article is about a growing problem in privacy:
The multiplication of laws and law propositions forcing platforms to implement age verification measures, and therefore collecting sensitive identification data from everyone using them.
This isn’t hypothetical or far away in the future.
Unfortunately, some platforms have already started to require users verify their age using face scans or uploading official IDs.
If you have experienced such age verification requests already, share your experience with us!
I find it very easy to imagine a hypothetical privacy-respecting digital state ID. When your government gives you your state ID card, they would also give you a hardware key. This hardware key contains all the same information as your state ID. But because it’s a piece of smart technology, we can control what information it shares. So when an adult website wants to know whether you’re over 18 years old, instead of asking you for all the information on your ID card, it can simply ask for your age – or better yet, simply ask if your birthday is prior to 18 years ago. A simple permission system would allow you to keep websites honest: any data request they make would need to be approved by you (via a GUI app or hardware button).
These could have expiration dates just like state IDs. The only major degradation in comparison to traditional ID cards is the lack of face matching to prove the ID is in fact yours. Replacing that with a password is a simple, but inferior security system. Alternatively, a government-issued offline facial recognition app could perform the face check, then temporarily authorize the hardware key (say for 15 minutes).
Obviously this would require substantial work, but this isn’t science fiction. We could have this today if governments and developers put the work in.