How Can CIOs Verify A User’s Age?

Solutions and privacy get mixed up when it comes to age verification
Solutions and privacy get mixed up when it comes to age verification
Image Credit: wetwebwork

CIOs have a lot of responsibilities. One that we may not spend a lot of time thinking about is making sure that only people who are permitted to do so use our company’s web site. Depending on the types of products that your company makes, the company may have a responsibility to verify that users of your website are at least a certain age. This means that the CIO is responsible for age verification. What might seem like a simple thing to implement on the surface can get tricky when we start to take things like privacy rights into consideration. How should CIOs go about performing online age verification?

The Challenge Of Verifying A Users Age

CIOs are starting to feel pressure from lawmakers, parents and activists who are pushing for stronger rules to keep children off websites meant for adults. This has caused the question of how to verify age online to start to take on a new urgency. More sites are asking users to certify they are over 18, and CIOs are rolling out innovations aimed at better age checks.

The trouble is that most of our current methods of verifying age create new problems of their own. If we require material such as a user’s credit card or driver’s license to buy alcohol or view pornography, for instance, then this creates privacy issues and new opportunities for data leaks. These types of requests also make it hard for users to browse anonymously. What’s more, I think that we all realize that enterprising children will probably be able to find ways to defeat all but the most intrusive verification processes.

Despite the hurdles that CIOs are facing, a number of countries are starting to explore stricter laws about age verification for sites that have adult content or sell products such as tobacco. Being able to watch all kinds of content online is a point of concern for parents with young children. It concerns online businesses whose business is to provide their users with access to adult content. CIOs are starting to use machine learning tools that are used in artificial intelligence to help distinguish viewers’ ages to make sure the content they’re seeing is age appropriate. This type of age verification is called age gating.

New Ways To Verify A User’s Age

CIOs understand that there is no shortage of strategies for checking users’ age. The most common option that is used today is to ask the user to check a box declaring they are 18 years of age or older, according to a survey of practices across the web. CIOs call this “verification theater” because it pretends to verify but it actually doesn’t do a great job. Increasingly, adult sites are requiring users to upload some form of government ID such as a passport that can be checked against a database. Some companies may also put a small charge on the user’s credit card to make sure it is legitimate, then reverse the fee. Others use tools to check a mobile phone’s registration information, which contains the age of the user. All these methods have varying success, but so far none have mastered a combination of privacy, efficiency and affordability yet.

CIOs who want to protect anonymity are creating age tokens, such as a QR code, that users can provide to merchants’ sites without giving out additional personal information. CIOs at some of the biggest online companies are turning to artificial intelligence to estimate age without requiring additional data. Last year, Meta Platforms outlined its use of AI to continually cross-check accounts on both its Facebook and Instagram sites for information that can belie or confirm a user’s age. YouTube is using machine learning to automatically block younger viewers from certain videos. If a video has been determined by the machine-learning tool or a human censor to be for viewers over 18, YouTube will ask a user to sign into their Google account.

Some CIOs are offering AI verification as a service – this could be a potential solution for small companies that don’t have the technical and financial capabilities to implement their own age verification systems. Sites that use facial analysis to estimate age seem to be the best at balancing privacy, efficiency and affordability, according to research. To be sure, there can be technology hiccups. Still, the systems will likely only get better with more data and improving technology.

What All Of This Means For You

On top of everything else that a CIO is being asked to do, it turns out that the company needs our help in making sure that only the right types of users are accessing our company’s web site. In order to make sure that visitors to our web sites are old enough to view the content, we have to verify the age of the user. This opens a number of challenges for CIOs. Any data that we collect in order to perform an age check could be leaked and that could cause a lot of problems. What’s the right way for CIOs to implement age verification checks?

Pressure on CIOs to improve how they verify a user’s age is coming from a variety of different sources. The problem that we’re facing is that if we use driver’s licenses or credit cards to verify ages, then we are setting ourselves up to have data leaks. CIOs are implementing AI tools to create “age gating” web sites to limit who can gain access to the sites. Simply asking users how old they are is not viewed as being an effective technique to check a user’s age. Age tokens are another way to verify a user’s age. Large firms are implementing machine learning algorithms to determine a user’s age. In the future, age verification may become a service that is offered to smaller firms.

There is no question that making sure that only users who are old enough should be permitted to access online content that has been created for them. CIOs are the ones who are going to have to create effective means to keep younger users out. We need to understand that collecting any sort of personal data can only lead to potential data storage headaches. What is needed is a way to verify a user’s age simply by looking at them. This is where AI is going to have to step in and help CIOs out. We may not be there yet, but CIOs are implementing the tools that will allow accurate age verification in the future.

– Dr. Jim Anderson Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: How can CIOs make sure that younger users are not able to fool their age verification system?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

One of the things that a CIO has to do is to deal with a long list of complaints from users about how the company’s technology works. Fairly high on this list at most companies is the problem with password lockouts. You know what I’m talking about. In our quest to keep the company’s systems secure, we’ve implemented policies that lock users out after a certain number of incorrectly entered passwords. We’re trying to do the right thing, but is there a better way?