Privacy-Preserving Age Verification—and Its Limitations
4 points by gerikson
To a first technical approximation, it is straightforward to construct a privacy-preserving, credential-based age verification system for the Worldwide Web. However, the legal, economic, and social obstacles are formidable, and possibly insurmountable, especially in certain countries.
The problem with all the “privacy preserving” systems for such verification is that they fail to consider a fundamental problem: any organization required to do this will need to provide human/legislature-understood verification, i.e. a copy of the ID, etc., that can be presented if they get sued, etc.
Not necessarily, something like the EU eIDAS proposals based on zero knowledge proofs would be the government endorsed and supported position. The company would have no mathematical way (or legal right) to know anything else about you, other than that you can prove that you are over the age requirement cryptographically.
If anything, they could get sued for requesting or storing more data than that. And to defend against suits about allowing underage people access they would just have to prove that they have the appropriate systems in place and respond to bug/vulnerability reports in a non-negligent way.
But how do you prove that you verified that the person whose credentials you validated was the person those credentials represented? The people who argue that it is other people’s and the government’s job to monitor and police their children will (and in plenty of US states already are trying to) require that other people prevent their children from using their IDs.
In other words, the issue is not proving the properties of the ID you’re given, it’s proving the person using it is that actual person.
That’s why you see the people pushing for age verification include photos of the people you’re verifying: if they ever accuse you of not actually doing enough, the only counter you have, as evidence that your work did ID someone they claim was too young, is to be able to provide the picture you took when you ID’d them. So they don’t even have to have the law require you to store that information, and so can claim that they’re not requiring you to do so - but you don’t actually have a choice in the matter, because if you don’t store the information you cannot defend yourself.
so can claim that they’re not requiring you to do so - but you don’t actually have a choice in the matter
Yes, you don’t have a choice in the matter, the EU explicitly bans these entities from requesting a photo (or id) and enshrines the right to pseudonymity.
be able to provide the picture you took
If you can steal someone’s ID you can steal a photo of them too.
proving the person using it is that actual person
This is pushed to TPMs and people protecting their identities. This has its own problems, but no identifiable information is transferred.
Under this model the entity distributing the verification of the fact (the government when it comes to ages) is responsible only for providing it to the individual the fact is about, the individual is responsible for not letting someone else activate their TPM for a transaction, and the verifier is only responsible for verifying the cryptographic fact.
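The three-party model in the last two comments (issuer, holder with a device-bound key, verifier that checks only a cryptographic fact) and the earlier point that the site learns nothing beyond “over the age requirement” can be made concrete. The following is an added example written for this page, not code from any eIDAS implementation or from the commenters. It assumes a toy setup: the issuer commits to the holder’s attributes with salted hashes and signs the commitment together with the holder’s public key; the holder discloses only the `over_18` attribute and signs the verifier’s fresh nonce; the verifier checks both signatures and never sees the name or birth date. Schnorr signatures over a freshly generated 64-bit safe-prime group stand in for a real signature scheme so the block runs with only the standard library; the group size, the attribute names and the `over_18`/`true` encoding are all constructed for the demo.

```python
"""Toy selective-disclosure age credential: issuer, holder, verifier (constructed example)."""
import hashlib
import secrets

# ---- toy discrete-log group and Schnorr signatures (assumption: demo-sized, not secure) ----

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; adequate for a demo-sized modulus."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64):
    """Return (p, q, g): p = 2q + 1 is a safe prime, so g = 4 (a square) has prime order q."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

P, Q, G = make_group()

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private scalar; in a real holder this lives in the TPM
    return x, pow(G, x, P)

def sign(x, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = int.from_bytes(H(r.to_bytes(16, "big"), msg), "big") % Q
    return e, (k + x * e) % Q

def verify(y, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, Q - e, P) % P   # y^(q-e) == y^(-e) in a group of order q
    return e == int.from_bytes(H(r.to_bytes(16, "big"), msg), "big") % Q

# ---- issuer (the government in the thread): commit to attributes, bind to holder key, sign ----

def issue(issuer_sk, holder_pk: int, attrs: dict):
    openings, leaves = {}, []
    for name, value in attrs.items():
        salt = secrets.token_bytes(16)        # salt stops guessing a low-entropy value such as a birth date
        openings[name] = (value, salt)
        leaves.append(H(b"leaf", name.encode(), value.encode(), salt))
    root = H(b"root", holder_pk.to_bytes(16, "big"), *leaves)
    return {"holder_pk": holder_pk, "leaves": leaves, "openings": openings,
            "issuer_sig": sign(issuer_sk, root)}

# ---- holder: open exactly one attribute and prove possession of the bound key for this nonce ----

def present(cred, holder_sk, attribute: str, nonce: bytes):
    idx = list(cred["openings"]).index(attribute)
    value, salt = cred["openings"][attribute]
    challenge = H(b"present", nonce, attribute.encode(), value.encode())
    return {"holder_pk": cred["holder_pk"], "leaves": cred["leaves"],
            "issuer_sig": cred["issuer_sig"], "disclosed": (idx, attribute, value, salt),
            "nonce_sig": sign(holder_sk, challenge)}

# ---- verifier (the website): checks the cryptographic fact and nothing else ----

def verify_presentation(pres, issuer_pk, nonce: bytes, attribute="over_18", expected="true") -> bool:
    idx, name, value, salt = pres["disclosed"]
    if name != attribute or value != expected:
        return False
    if H(b"leaf", name.encode(), value.encode(), salt) != pres["leaves"][idx]:
        return False                          # disclosed value is not what the issuer committed to
    root = H(b"root", pres["holder_pk"].to_bytes(16, "big"), *pres["leaves"])
    if not verify(issuer_pk, root, pres["issuer_sig"]):
        return False                          # commitment not signed by the trusted issuer
    challenge = H(b"present", nonce, name.encode(), value.encode())
    return verify(pres["holder_pk"], challenge, pres["nonce_sig"])

def demo():
    """Returns (genuine, borrowed_credential, replayed_presentation, forged_value)."""
    issuer_sk, issuer_pk = keygen()
    holder_sk, holder_pk = keygen()
    other_sk, _ = keygen()                    # someone who copied the credential but not the key
    attrs = {"name": "A. Example", "dob": "1990-01-01", "over_18": "true"}   # constructed sample
    cred = issue(issuer_sk, holder_pk, attrs)
    nonce = secrets.token_bytes(16)
    genuine = verify_presentation(present(cred, holder_sk, "over_18", nonce), issuer_pk, nonce)
    borrowed = verify_presentation(present(cred, other_sk, "over_18", nonce), issuer_pk, nonce)
    replayed = verify_presentation(present(cred, holder_sk, "over_18", nonce), issuer_pk, secrets.token_bytes(16))
    minor = issue(issuer_sk, holder_pk, {**attrs, "over_18": "false"})
    forged = present(minor, holder_sk, "over_18", nonce)
    idx, name, _, salt = forged["disclosed"]
    forged["disclosed"] = (idx, name, "true", salt)   # edit the value after issuance
    forged_ok = verify_presentation(forged, issuer_pk, nonce)
    return genuine, borrowed, replayed, forged_ok

if __name__ == "__main__":
    print(demo())
```

What the presentation carries is the point: the verifier receives the holder’s public key, the issuer’s signature, a list of salted hashes and the opened `over_18` leaf, so name and birth date never leave the holder, and a stored presentation is useless for guessing them without the salts. The nonce signature is what stands in for the “don’t let someone else activate your TPM” responsibility: a copied credential without the bound key fails, and a captured presentation cannot be replayed against a new nonce. The toy group size and in-memory keys are the two places a real system differs.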