Paper: Exploring Privacy in ID-Based Age Verification Architectures
slides-agews-paper-exploring-privacy-in-id-based-age-verification-architectures-00

Sarah Scheffler and Shuang Liu

This submission argues for the following points, gleaned from our team’s ongoing research in applied cryptography and policy analysis of age verification based on identity documents (IDs):

1. Standards should prioritize age verification methods that transmit less information, share sensitive information with fewer entities, and allow users more control over which entities to share sensitive information with;
2. The most privacy-preserving methods for ID-based age checking that maintain verifiability are trusted notaries (often called selective disclosure or trusted attestation in the context of age or credential verification) or cryptographic zero-knowledge proofs – we discuss these in the body;
3. Sensitive private information is not limited to the content of the ID;
4. When presenting credentials in a privacy-preserving way, holders should know what information they are sending;
5. Standards should take a broad definition of “identifying information”; and
6. Standards should encourage purpose restriction and deletion of information collected during age verification as a best practice.