Digital age verification is a significant topic these days, with lawmakers advocating for legislation that could restrict users’ access to popular apps, websites, and even devices unless they provide identification. I’ve mentioned before how these bills often seem more like a governmental overreach disguised as child protection. But what if there were a better way to meet lawmakers’ demands while still safeguarding the privacy and security of Americans? Here’s some thoughts on achieving a balance between the two.
Current Age Verification Legislation
The age verification bill that’s currently moving through Congress presents a complex dilemma. On one side, it aims to shield young users from inappropriate online content across various platforms and apps. However, it also gives tech giants and governments a means to collect, digitize, and maintain databases of users’ real-world IDs, which can tie online activities to personal identities.
This issue has sparked a bipartisan push, with lawmakers from both sides getting involved. One notable proposal comes from Democratic Rep. Josh Gottheimer of New Jersey, which aims to enforce strict age verification every time someone sets up a new device. Meanwhile, Republican Sen. Josh Hawley from Missouri supports a bill that would require users to provide identification to access AI chatbots, potentially leading to broader internet restrictions as AI technology continues to grow.
Both of these proposals aim to protect minors, but they also threaten Americans’ rights to access their devices and the internet freely without having to show identification.
It’s crucial to note that companies like Apple and Google already have systems in place to handle sensitive information.
Let’s be clear: if these proposals go through, access to your favorite applications and services could be limited. People might have to hand over their IDs to tech firms and federal agencies, all under the guise of verifying age.
Secured Enclaves
Entrusting personal data to Big Tech or, alternatively, keeping your phone in the proverbial “Faraday cage” really illustrates the choices we face. Apple and Google have been processing our most personal information securely for years. The secret lies in a small, secure area built into the processing chip of our devices. This area remains disconnected from the internet, is not backed up to the cloud, and is encrypted.
Apple refers to this as the secure enclave, while Google calls it a Trusted Execution Environment. Both serve the same purpose: they securely store biometric data.
If you’ve ever unlocked your device with your face or fingerprint, then you’ve encountered this secure subsystem. What makes it appealing is its speed, efficiency, and privacy. Apple and Google can store your biometric information, but they can’t access it, nor can third-party applications. The system merely checks whether the biometric data matches what’s stored in a secure way.
A similar approach could work for age verification.
A Practical Age Verification Solution
Imagine, instead of handing over a copy of your ID to a massive tech company, you could store it in a secure way. Much like setting up FaceID on an iPhone or fingerprint scanning on an Android, you could take a photo of your ID and store it in a secure enclave as part of your biometric information. To confirm that the ID is valid and belongs to an adult, on-device software could check the user’s date of birth, any barcodes, and other crucial identifiers.
Once this information is stored, age verification would work like current facial and fingerprint verification systems. When you access an app or service requiring ID verification, the system would cross-check the information in your secure enclave. If you’re identified as an adult, you get permission. If not, restrictions can be applied based on the law’s requirements. This method serves as a link between your identity and a digital service while keeping your true identity private.
The Path Ahead for Age Verification
For this to become reality, both Apple and Google would need to adopt this technology and integrate it within their systems. Governments, in turn, would need to recognize this method as valid for meeting new regulations. Ultimately, tech companies are likely to embrace this way of verification if it proves to be reliable, resembling existing facial and fingerprint security methods.
If IDs must be provided, keeping them secure within a designated system would seem like the best approach. This way, while governments gain power over device access, citizens can still maintain their anonymity and privacy.
Or, perhaps I’m being too optimistic here; maybe policymakers should just refrain from interfering with our rights and allow us to use our devices freely. I’d certainly prefer that.
