Online age verification and the battle over biometrics

gahsoon via Getty Images

Featured eBooks
Trust in Government
Chasing New Industry
NASCIO Special Report 2024
Insights & Reports
Get Print Security Right in 5 Steps
Presented By Carahsoft
Download Now
Revolutionize your constituent tax support with seamless AI-powered solutions
Presented By NICE
Download Now
By Todd Jarvis,
Aware

By Todd Jarvis

|

COMMENTARY | Lawmakers are experimenting with various ways to verify users’ ages and keep minors off websites with adult content. Using biometrics could represent a better path forward.

In early January, Pornhub announced it was going dark in several more states as a way to protest new age verification laws that are sweeping the nation. In certain states, services like Pornhub are opting to simply restrict access to their websites for all users to avoid hefty penalties.

In the U.S. and abroad, many lawmakers want to limit minors’ access to websites featuring adult content. There are several ways this content can be restricted, but to date, these have been imperfect. Some streaming sites ask users to affirm they are over 18 via a pop-up, but this self-reported information is never confirmed, making for an age verification system that quite simply has no teeth. Another method — parental controls — can all too often be circumvented by kids who are more technologically fluent than their parents.  

Other, more sophisticated methods hold promise. For instance, consider the work currently being done in the area of facial age estimation — combining computer vision with machine learning technology to estimate a person’s age. 

In Louisiana, Pornhub enlisted an anonymous third-party age verification service that scans a sea of public and private transactional data to verify that a person attempting to access a service is 18 or older. While these may represent improvements over other methods, app development can be costly and time-consuming, and can fail to keep pace with the constant flux of online age verification — also known as age assurance — laws. 

Biometrics, or the identification of individuals based on their unique biological characteristics such as palm prints, fingerprints, face and voice, represents the fastest, easiest, most cost-effective way for streaming services to verify age on the internet. Combined with geofencing, this service helps know whether certain laws apply to users. Biometrics also feature built-in document verification capabilities to ensure that age-verifying documentation is legitimate, and that the person really is who they claim to be.

We believe biometrics are the ideal solution to the online age verification dilemma, for several reasons.

Privacy and Security

As the battle over online age verification heats up, opponents of biometrics say that collecting a vast pool of biometric data presents a significant privacy and security risk. In other words, if a hacker were able to access such a database of biometric data, he/she could steal and wreak havoc with data that individuals cannot easily change. Unlike a password, it’s impossible to change your fingerprints.

We believe these arguments are unfounded. Today, there are a number of tactics available to protect security and privacy further, including:

  • Decentralized storage: Use on-device storage rather than central databases to reduce the risk of large-scale breaches. 
  • Template encryption and hashing: Store biometric data as encrypted templates rather than raw images (so no one can “steal your face”). Using cryptographic techniques such as homomorphic encryption or secure multi-party computation ensures that biometric data remains protected even during authentication. 
  • Role-based access: Restrict access to biometric data based on strict permissions, ensuring that only authorized personnel can access stored information. 
  • Temporary processing: Authenticate users without permanently storing their biometric data, ensuring data is deleted immediately after use. The Transportation Security Administration’s pre-check identity verification uses this tactic, for example.

“Spoof-Proof”

It’s a challenge that’s been around the in-person age verification world for ages: minors presenting fake IDs. Surely, minors will attempt similar techniques in an online environment — for instance, stealing and presenting an adult’s ID along with another picture or video of the owner’s face to the device camera. This is known as a “spoof” attempt, and in the age of ready access to photos and videos via social media, they’re becoming much more common.

Fortunately, today’s biometric tools feature liveness detection to notice and thwart such scenarios. Liveness detection works in various ways, depending on the biometric modality (face or voice) being used. When it comes to facial recognition, liveness detection may scan the user’s face for natural movements like blinking. Genuine users will respond with natural, involuntary movements that can be detected, whereas static images or videos cannot replicate these movements.

Cost and Speed of Deployment

In the past, only well-resourced, technologically sophisticated organizations could afford biometrics — and the heavy up-front work that was required to implement them. Today, biometrics are available in a cloud-based SaaS model, meaning that virtually any streaming service, no matter how big or small, can begin offering this type of authentication in minutes. Additionally, biometrics are now broadly available as a plug-in on leading marketplaces, further democratizing access for website owners and developers.

Convenience

According to a recent survey, consumers are more comfortable with biometrics than at any time in our history. Over half of those polled indicated they use biometric authentication technology regularly, with nearly 50 percent stating they use biometric authentication “often” or “always” to access mobile apps, indicating a clear path to mass adoption.  

Even if they have some trust concerns, the convenience factor tends to have more clout, with 62 percent of respondents noting they have never refrained from using the technology as a result of trust issues. 

The fact is, only biometric authentication offers this holy grail of superior security combined with convenience, and convenience tends to win out. Biometric authentication is extremely reliable, fast and easy, taking only milliseconds to process, with no passwords or special codes to remember. 

Even as online age verification laws take hold in more states, to date lawmakers have shown they aren’t quite sure how they’re supposed to work. While we believe that biometrics are an ideal foundation for digital ID programs, that’s not to say there aren’t challenges ahead. 

Data from a wide range of industries including financial services indicates a high level of consumer comfort with biometrics, but in the adult content/streaming space specifically, people may be more reticent to provide their personal information. Communication will be key to educating users on the comprehensive steps taken to keep their data safe, the convenience of login, and how biometrics will secure online experiences for all.

Todd Jarvis is global head of partnerships at identity verification and fraud prevention company Aware.

NEXT STORY: Illinois green lights modernized vehicle title and lien processing system

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.