Historically, age-gates on the internet have been little more than a joke.
Every teenager with a broadband connection has been able to see something they shouldn’t by either checking a box labeled “yes, I am 18,” or selecting a birthdate from a dropdown menu that puts them in the realm of 30 years old. The websites that have required age verification in the past haven’t put in a great deal of effort to make those systems more robust.
Under the UK’s forthcoming Digital Economy Act, adult entertainment websites will have to do more than simply pay lip service to the idea of age verification.
Although the enforcement date for the digital economy act has recently slipped, the schedule of fines remains as fierce as ever. Websites that don’t take convincing steps to screen minors away from adult content will face either:
- Fines of up to £250,000
- Seizure of up to 5% of global revenue
This amount of money could conceivably destroy a small business. Even worse, businesses will have only three months to implement a technical solution once the British Board of Film Classification (BBCF) decides on standards. In other words, the BBCF seems eager to make an example, punishing adult entertainment companies as soon as possible in order to ensure future compliance.
Why is age verification so hard to accomplish? And how can companies serving adult content implement reasonable age restrictions in just three months?
Age Restriction is Harder Than It Appears
Implementing an age verification system would be easier than you think – if you didn’t mind demolishing the principles of a free, open, and mostly-anonymous internet.
For example, imagine a form of age and identity verification whereby, if you wanted to look at some adult content, you had to input your ID into a webpage. This might consist of your passport number, driver’s license, or even a credit card – each form of ID is in some way tied to your age. To prevent ID fraud, the webpage might even ask you to transmit a photo of your ID to an image recognition system. The webpage would then transmit your ID to a government server to ensure that it was valid. Simple enough, right?
While this method would work as a way to verify identity online, it comes with a vast number of potential failure points.
- The adult-entertainment company might not anonymize or delete your ID number after it verified your information – they’d know who you are.
- The government might do the same, establishing a registry of adult entertainment viewers in Britain, which would be a potential violation of civil rights.
- Attackers would have two obvious points of failure to exploit:
- They could conduct a man-in-the-middle (MITM) attack by putting up a fake frontend that would harvest user credentials as they were entered into the website.
- They could conduct a similar attack by eavesdropping on the connection between the website and government servers as they validated the user’s ID.
While this method of age verification would work on a theoretical level, in practice it would invoke massive issues of security, privacy, and civil liberty.
Remember, the goal of the Digital Economy Act is just to prevent underage citizens from seeing mature content – not to punish the adults that choose to do so. As such, any solution to the age verification issue must be pursued in a way that’s conscientious of our digital rights.
What are The Elements of a Workable Digital Identity Verification System?
All hope isn’t lost for adult-oriented platforms. After all, banks, insurance companies, and doctors’ offices have all installed secure and reliable KYC (“know your customer”) systems after being compelled to do so. The problem here is that:
- Adult-oriented companies aren’t banks
- Therefore, they don’t have bank-sized budgets
- They’ll only have three months to implement these systems.
The challenge for adult-entertainment platforms is to find a user-friendly, budget-friendly digital ID solution that can be implemented in just a few months’ time.
The solution to this is to create a digital token that can authenticate your identity without transmitting any personal information that would allow an attacker to commit identity theft. Folio has accomplished this by letting users save their personal data on their smartphones in an encrypted ID Wallet. This mobile identity is accessible only to the user and the to the entities they use to share it with.
Companies can feel confident implementing Folio in a fast and secure manner, which allows adult-oriented businesses to become compliant with the law without risking their customers’ privacy. For more information about Folio and how you can implement our technology in advance of the Digital Economy Act, contact us today!