Privacy-compliant identity verification

Share This:

The controversy generated by the law enacted in May 2023 in the State of Utah, which requires verifying the age of users each time they access a page with adult content, highlights the limitations of certain lawmakers regarding identity verification and privacy.

A

badly designed law 

Since Utah established the law known as SB287, which establishes 3 methods to verify the identity of all those who wish to access pornographic content on the net, PornHub and other portals have blocked all their material in this traditionally conservative US state. According to these portals, the law is insecure and incomplete. Moreover, the methods required by the law are neither fair nor sufficient. It turns its back on certain technological advances that are not only more convenient, but also more respectful of the privacy and choices of Internet users. For the regulation to be useful and modern, it should have specified that the proposed authentication methods (a digital identity card available through an app approved by the competent authority, verification through databases used by government agencies and businesses, or “any commercially reasonable method that relies on public or private transactional data”), ensured a minimum of the data required, so as to avoid requesting additional or sensitive information that was not relevant for this particular purpose and, in addition, to have ensured that the State had the most advanced and shielded technology possible, something that does not appear to be the case. 

Device based identification 

The device-based identification proposed by Mindgeek, parent company of PornHub, could be a useful alternative for more convenient and secure authentication. Each device, such as a cell phone or computer, would receive a unique ID that would be linked to that particular device. This identification could be based on specific characteristics of the device, such as its MAC address, serial number or other distinctive identifying information. When a user attempts to access age-restricted content or websites, age verification will be required. Instead of asking the user to provide personal information or identity documents, device identification would be used to determine if the user is old enough to access the content. 

The user’s device ID would then be compared with the age requirements set for the restricted content or websites. If the device ID meets these criteria, the user would be allowed to access the site or content. If not, access would be denied. 

By using characteristics and data unique to the devices that users own, privacy is ensured to a greater extent than if official documents are presented each time or databases are consulted. The use of cryptographic data avoids having to provide underlying personal information. 

It is important to note, however, that if device identification is used to determine the user’s age, it does not guarantee 100% accurate verification. Device ID can provide clues, but it is not always foolproof, nor can it guarantee that the user is actually of age. Although they can provide some degree of anonymity, the device ID itself may not be completely anonymous. The IP address, for example, may reveal general information about the subject’s geographic location. Therefore, while the method may be less intrusive in terms of collecting personal data, certain signals or information may still be obtained that could be understood as an intrusion. 

Advanced solutions: digital wallets 

Reality demands more advanced solutions: robust as well as more user-friendly. The answer to dilemmas such as the one that arises from decisions like the ones made by the Utah government could be a digital identity wallet with a facial biometrics or Facematch system. This solution would provide a secure and convenient way to verify identity online and, by using facial recognition, would reduce the possibility of impersonation and would not require the use of passwords, eliminating the risk of password theft or loss. 

These wallets would store relevant user information in a secure digital environment and would not only verify identity, but also log into the device, acting as a sort of protective vault. With a transparent, straightforward and frictionless operation, the wallet would request access and the Facematch algorithm would compare the face image in real time via the device’s camera with the previously stored photograph. After the biometric analysis, if there is a satisfactory match, the user would be able to enter the content with absolute guarantees. Each person would go through the process of registering their unique characteristics only once and from then on would be granted full autonomy and control over each access, which would take just a few moments to clear. 

In the specific case of managing access to pornographic content, the way in which a wallet supported by biometric recognition protects minors is very important. Configuration options should allow parents and guardians to set restrictions to safeguard children from exposure to inappropriate material. Activity logging could help them monitor and supervise their children’s activities, allowing them to detect inappropriate behavior. 

Technology will serve its purpose as long as it responds to new compliance challenges while respecting user privacy. Lawmakers have an opportunity and an obligation to learn about the broad possibilities offered by new developments and how they can help build safer environments. 

Back To Top

International Technical Support (EU): +44 (20) 80891215 & (US): +1 312 248 7781 | support@trustcloud.tech