One can be in favor of a social media ban for children and adolescents and have their reasons. But when it came to age verification, opponents of such a ban always had one strong argument: a justifiable method of age verification seems impossible. Until now.
What has changed? Actually, nothing. The argument that privacy-compliant age verification is impossible because such a program simply doesn’t exist seems plausible. Just as plausible as the fact that existing systems provide shining examples of how not to do it. For instance, when using Persona →, personal data is shared with the entire tech-bro elite, and profits are made. LinkedIn, for example, uses Persona, thereby supporting data retention by a private provider.
Even the EU is betting on a procedure, eIDAS 2.0 (Electronic Identification, Authentication and Trust Services), which must face criticism for centralizing data and potentially abusing its power by tracking citizens and virtually abolishing anonymity on the internet. Even if that is not the plan yet, it is conceivable. Especially when we look at other states like China or even the USA. The EU would be right on trend.
What is needed, therefore, is independence from the state.
A system for a state-independent, privacy-compliant age verification is, however, imaginable. We are talking about it right now, which is why it is possible, regardless of whether it already exists. How could one set up a system that sends no data to Big Tech and is so independent of the state that we don’t have to fear access by a totalitarian government?
- Operator: Something like a constitutional institution under public law with its own funding, a multi-stakeholder principle (EU + member states), self-governing, and financially autonomous (Independent Regulatory Agency).
- Apps: It provides apps that enable age verification. The verification process always runs locally.
- API: It provides an API that platform operators can use to trigger age verification.
- Funding: The operator bills the costs for age verification via the API. This is how the institution is financed. (Here, smaller providers could participate for free because it is co-financed by the large platforms—a principle of solidarity.)
- Anonymity: All requests are made via encrypted, anonymous lines. Keywords: Zero-Knowledge Proof principle and the unlinkability of queries. Neither the requester nor the operator knows the person being verified. Biometric data never leaves the hardware.
- Open Source: The code for the age verification is open source. This makes it transparent which data flows where and how secure the app is.
The independent control of age is too important for us not to establish it independently across Europe. It must not be profit-oriented or act directly as the state. The task is not trivial, as there is virtually never a one-hundred-percent secure principle. But just as IDs and money are forged, and people die in road traffic yet we still clearly recognize their utility, we must build a system that fundamentally works and meets our requirements.
The development of such an institution is possible; the technology is feasible and not rocket science. We should now consider to what extent we are prepared to invest in a digital infrastructure that is based not on commerce or control, but on the protection of our privacy and digital sovereignty.
This post is a contribution to the current debate regarding a social media ban for children and adolescents. In this article → (in German), I am advocating for such a ban.
Photo by Alina Grubnyak on Unsplash
Schreibe einen Kommentar