Age-verification technology is not ready for prime time, which is the first and most fundamental problem with the proposals that rely on it. The technology either lacks accuracy or deeply invades privacy. For example, France has been eager to mandate age verification and is moving ahead with its plans to do so. However, its own data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), evaluated existing age-verification models for accuracy, coverage of enough people, and respect for privacy and security and found that “there is currently no solution that satisfactorily meets these three requirements.” The CNIL instead calls for the development of better technology. This means that no accurate model for age verification exists that protects users, as said by people who desperately want it to exist.

The CNIL report also reads, “the move towards a closed digital world, where individuals are encouraged to register mainly in authenticated universes (via the creation of user accounts) to avoid a multiplication of identity or identity attribute verifications (age, address, diplomas, etc.) presents significant risks for the rights and freedoms of individuals, which need to be taken into account.” The report further notes that virtual private networks (VPNs) can be used to bypass certain means of age verification, and, indeed, in the United Kingdom, “23% of minors say they can bypass blocking measures and some pornographic content publishers already offer VPN services.” The CNIL does not condemn the use of VPNs generally and notes that they have an important role in protecting user privacy. 

Those who will do the work of verifying age admit the issue, even if accidentally. The Age Verification Providers Association touts its privacy and identity-protecting technology that will simply scan your face to verify your age. As the International Association of Privacy Professionals reported, “Big Brother Watch said using facial recognition software to estimate an individual’s age ‘inherently puts people’s privacy at risk.’” It is clear: Those with the most desire to verify age and those who do the work of verification are saying that the current technology will either verify your age poorly or do so in an allegedly accurate way that deeply invades our privacy. 

Most American legislation to verify the age of users has erred toward accuracy—which makes sense, as the goal of the legislation is to verify age correctly. But to confirm the age of users more accurately, extremely invasive measures are necessary. This would mean that users must submit to biometrics such as face scanning or provide government IDs. Consider legislation such as the “Protecting Kids on Social Media Act,” introduced in April of 2023. It requires that social media platforms either take “reasonable steps beyond merely requiring attestation” to verify the age of account holders or that platforms participate in the age verification pilot program. It also reads that “[n]othing in this section shall be construed to require a social media platform to require users to provide government-issued identification for age verification.” This is little comfort when facing the reality of the technology.

Furthermore, even government ID as age verification has its limitations. Depending on the precise method of verification, underage users may simply need to acquire their parents’ government ID. And that’s not very difficult. A similar point regarding the inefficacy of age verification via credit cards was addressed 20 years ago in court cases. “[B]ecause payment card issuers prohibit the use of their credit or debit cards to verify age and because a significant number of minors have access to payment cards, such cards are not an effective age verification device,” wrote the district court in American Civil Liberties Union v. Gonzales.

The knowledge that children memorize their parents’ credit card information even appears in episodes of South Park in 2018 and The Simpsons as far back as 2001. In these episodes, characters Eric Cartman and Bart and Lisa Simpson, respectively, have no problem reading off their parent’s credit card numbers. If parents’ government IDs become useful in the same way that parents’ credit cards are, children can easily memorize their parents’ government ID information and keep pictures of it handy.

Additionally, the largest age-verification provider, AgeID, is run by PornHub’s parent company. Assuming many elected officials are concerned about pornography companies generally, this arrangement is not ideal.

Age-verification technology is full of problems around accuracy, functionality and privacy. Until the technology develops into a more useful and less-intrusive form, legislators ought not to mandate it with the force of law.

This is part of the series: “The Fundamental Problems with Social Media Age-Verification Legislation.”

Get smart quick: Sign up for technology policy right in your inbox.