Age Verification: Reaching a Tipping Point
-
Upload
rachel-oconnell -
Category
Technology
-
view
1.102 -
download
1
description
Transcript of Age Verification: Reaching a Tipping Point
![Page 1: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/1.jpg)
AGE VERIFICATION: REACHING A TIPPING POINT
SSSSSDr. RACHEL O’CONNELLISSE CONFERENCE, 2013.
![Page 2: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/2.jpg)
BACKGROUND• Research Consultant • Oxford Internet Institute:
– Effective Age Verification Techniques: Lessons to be Learnt from the Online Gambling Industry
• Ctrl_Shift– A market analyst and consulting business
• Member of OIX and the GSMA’s UK Assured legal working group• Led the UK Council for Child Internet Safety (UKCCIS) project group on age
verification and report back to minsters on an annual basis. • Advisor to commercial organisations on both the policy requirements and
business opportunities associated with identity management and age verification
• Co-founder of GroovyFuture.com.
![Page 3: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/3.jpg)
AREAS COVERED• The 2008 perspective and the artificial divide• Catalysts and Tipping Points: Pit stop in 2013 and a 2020 horizon scan • Emergence of a data driven economy:
– Trust Frameworks– Electronic ID – NSTIC – Minors Trust Framework ($1.6m)– Mobile ID – alpha projects, introduction of age verification into payment protocols– Digital economy – disruption in the payments sector, sub-accounts– Internet of Things – – Personal Data Empowerment Tools and Services – Quantified self
• E-ID ecosystem, IDAAS, IDPs, Attribute Exchanges– Business use cases: ROI– Sources of attributes– Opportunities and challenges
![Page 4: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/4.jpg)
2008 View of Age Verification• Burdensome compliance cost• Little or no elevation in assurance• Open to repudiation• Privacy concerns• No viable commercial or liability
models• Not scalable, absence of standards• Not an effective means to mitigate
risks• Barrier to innovation
![Page 5: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/5.jpg)
Artificial Divide• ID and age verification – lessons from the evolution of data bureaus and
CRA’s to meet specific business sector needs• Lack of access to datasets not only about children and young people but
also the unbanked – thin files.• Assumption that under 18’s had limited purchasing power• Data sources: Government, schools, banks• COPPA requirements: Permissioned access – sites excluded young people
aged 12 and below (to difficult box)• Struggle to identify business cases with a clear ROI – not seen as a
business enabler
![Page 6: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/6.jpg)
![Page 7: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/7.jpg)
CATALYSTS AND TIPPING POINTS
![Page 8: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/8.jpg)
IINTERNET OF THINGS
E-COMMERCEDATA DRIVEN ECONOMY
DIGITAL IDMOBILE ID
PDETS
NASCENT INTEROPERABLE ECOSYSTEMS
![Page 9: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/9.jpg)
• Electronic identity ecosystems are a key enabler of the “digital economy”
• NSTIC aims to enable “Individuals and organizations [to] utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.”
• Provide scalable, privacy preserving, commercially viable, privacy preserving permissioned use of attributes.
• STORK
• Proposed regulation
• Alpha project – retailers
• Reducing the barriers to permissioned use of age attributes
ELECTRONIC ID
![Page 10: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/10.jpg)
MINOR’S TRUST FRAMEWORK
![Page 11: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/11.jpg)
MOBILE ID• Mobile ID – GSMA/ OIX Commercial Trust Framework• SIM-based digital authentication solution • Embedded SIM/MIM – Machine Identification Modules• With the huge market potential and demand stimulated by immense
traffic from trillions of connected devices, the Internet of Things provides operators with the means to expand their service portfolios and increase revenues.
![Page 12: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/12.jpg)
12
ASSURED UK
Assured UK is a collaborative forum established to develop a personal data and identity attribute exchange marketplace
It encompasses the whole ecosystem
Banking
Retailers
Mobile Network Operators
Identity experts
Government
![Page 13: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/13.jpg)
VISION
Establish a secure and trusted marketplace that enables consumers to control, share and benefit from their digital identities and personal information
1. The consumers interests are uppermost and at all times the individual controls storage and exchange of data
2. We will seek to reuse existing standards work where ever possible and align with the work of UK government.
3. We will seek to enable the maximum product and business model diversity, consistent with inter-working between participants.
PRINCIPLES
![Page 14: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/14.jpg)
OBJECTIVES
Define an end-2-end framework and pilot use case by year end
a) Architect standards for identity attribute verification and authentication
b) Define a permissions system for the exchange of those attributes c) Develop a legal framework that will facilitate the interoperability
between different players in the ecosystem, while ensuring users’ data protection and privacy, encompassing:
i. Risk & Liability flowsii. Auditing framework iii. Privacyiv. Regulatory compliance
d) Establish and prove a commercial model for identity attribute exchange
e) Pilot and demonstrate efficient marketplace for digital identity and attributes
![Page 15: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/15.jpg)
• Trust is central to the operation of a data driven economy.
• Trust is crucial in the context of delivery and consumption of electronic interactions between parties including consumers, governments and the private sector.
• In order to both provide and benefit from digital services, companies, public administrations and consumers need to distinguish between trusted and non-trusted counterparts online; they also need to be recognised as trusted parties themselves.
• A trust framework can reduce the need to negotiate a multitude of individual commercial contracts.
TRUST FRAMEWORKS
![Page 16: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/16.jpg)
TRUST FRAMEWORKS: E-ID, COMMERICIAL (MOBILE ID),INTERNET of THINGS, PDETS
![Page 17: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/17.jpg)
INTERNET OF THINGS• Education • Assert trusted credentials (LoA)• Recognise trusted intermediaries
(accreditation)• Quantified self - Databetes• Convenience, security• Active participants
![Page 18: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/18.jpg)
IoT INFORSEC AND TRUST• Inofsec properties of the IoT are often
difficult to understand for its users, because they are hidden in pervasive systems and small devices manufactured by a large number of vendors.
• Trustworthiness, security functions and privacy implications are vast, and must be assessable to users and consumers.
• uTRUSTit enables system manufacturers and system integrators to express the underlying security concepts to users in a comprehensible way, allowing them to make valid judgments on the trustworthiness of such systems.
![Page 19: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/19.jpg)
PDETS TRUST FRAMEWORKS
• Forging new social contracts• The Respect Trust Framework is designed to give
individuals control over the sharing of their personal data on the Internet.
• Mydex, the personal data store and trusted identity provider, has also had its “Mydex Trust Framework” listed by the Open Identity Exchange.
• Connet.me has had its Trust Model and Business Model for Personal Data listed by OIX
• The Personal Network: A New Trust Model and Business Model for Personal Data
• Access to data that companies make available and authoritative personal data sources – university exam results
![Page 20: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/20.jpg)
GOVERNANCE AS A SOFTWARE SERVICE
• ID³ believes, governance principles should be expressed as software that is then able to evolve to incorporate advances in technology and to support changing market and societal requirements.
• Using these tools, people will be able to ensure the privacy of their personal information, leverage the power of networked data, and create new forms of online coordination, exchange and self-governance.
• They will be able to forge new “social contracts” and participate in new types of legal and regulatory systems for managing organizations, markets and their social and civic lives. These systems will conform to both international legal standards and to the specific social norms and priorities of its members.
![Page 21: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/21.jpg)
IINTERNET OF THINGS
E-COMMERCEDATA DRIVEN ECONOMY
DIGITAL IDMOBILE ID
PDETS
NASCENT ECOSYSTEMS: Sources and Consumers of Verified and Permissioned Identities and Attributes
![Page 22: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/22.jpg)
• E-ID e.g. Spain, NEM ID• WAYF, SAML• Mobile operators - International student card• Banks• Government issued ID docs – Secure key• Digital Life Data – Trulioo• Personal Data Empowerment Tools and Services• Biometrics • OCR• Traditional data bureaus and CRA’s
DATA SOURCES: Permissioned AttributesPit stop 2014 -2015
![Page 23: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/23.jpg)
BUSINESS NEEDS: • COPPA 2.0 – email Plus• 20-40% of email+ emails end up in
Spam folders• Freemium model• Permission dashboard – set spending
limits – • Enable self-regulatory measures –• ROI
• Omni-channel retailers• Payment providers• Alcohol• Advertising industry - broadcast
versus engagement
![Page 24: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/24.jpg)
BENEFITS• Permissioned use of attributes (includ. age)
– Higher levels of customer acquisition – Trust elevation – LOA’s
• Remote on-boarding
– Differing levels of assurance
• Tailored to meet business rules – Low integration costs – Modular, highly configurable– Scalable, viable low cost– Reusable tokens– UX– Reputation, foster brand loyalty
![Page 25: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/25.jpg)
LOOKING TO THE FUTURE• A greater variety of data sources will be accessible and permissioned, these can be cross
checked and an assurance level/ risk profile calculated to meet specific business rules. • Granularity with respect to permissions (e.g. time stamped - miicard) and user centric
controls• Artificial barriers removed – young people will be enabled to become active participants
in the digital economy, internet of things, manage their personal data• New social contracts will be forged• Business development and ROI opportunities• Many other benefits..• Challenges • Information security• Threat vectors – bad actors, untrustworthy intermediaries• Scale of potential unintended consequences• Roles and responsibilities of regulators• Managing the processes of accreditation, oversight, redress
![Page 26: Age Verification: Reaching a Tipping Point](https://reader033.fdocuments.in/reader033/viewer/2022061120/5466b7e0af7959f1238b4f71/html5/thumbnails/26.jpg)
THANK YOU FOR LISTENING
[email protected]: @racheloconnellwww.GroovyFuture.com
HAPPY TO ANSWER ANY QUESTIONS?