Age verification

Romek romeks at
Mon Dec 5 23:24:15 GMT 2016


Current age verification techniques are flawed. Ask any child if they
will tick the box stating that they are “Over 18” and I suspect all
children will do so. Once they access adult sites, they can typically
follow links to other sites without further age checks.

In 2013, Ofcom decided that we cannot use credit cards as the basis
for age verification. See “Playboy fined £100,000 for failing to
protect children”

Age verification needs to be more sophisticated and more associated
with real life. In real life, the adult decides and is responsible for
whether the child can view the adult material.

We have designed a system that allow authorities to protect sensitive
websites with a one-time QR code, that can only be unlocked by using
an identity app on a phone. An adult can use this app to show age
verification to a validation service. Then, if the adult consents, the
child is allowed to view said sensitive material.

This can be achieved as follows (see page 17):

There is also a backchannel for the adult to see which websites that
the child is looking at, so that they can allow continued surfing or
terminate the link at any time. This also provides an audit trail for
the child’s web viewing and who authorised their viewing.

We cannot 100% guarantee that no underage person would access
sensitive web sites. It is hard to avoid these cases. For example, in
real life, a child can ask an adult to buy cigarettes for them.

There are probably other solutions to this problem, but we have not
yet seen any which makes the adult responsible for the child’s actions
as this does.

Kind regards
Romek Szczesniak
Innovative Identity Solutions Ltd
romeks at

More information about the ukcrypto mailing list