Statement on Age Verification - International Centre for Missing & Exploited Children

Alexandria, VA (June 27, 2024) — The International Centre for Missing & Exploited Children (ICMEC) calls on global governments, industries, and NGOs to enhance child protection through device-level age verification, ensuring a safer digital world for children.

The International Centre for Missing & Exploited Children (ICMEC) strives to influence and inspire the global community across governments, industries, and non-governmental organizations to do what is needed to protect children from online sexual exploitation and abuse and to safeguard them from harm. We strongly believe the best way for ICMEC to serve children is to actively engage with policymakers, law enforcement, and industry leaders who are genuinely committed to practical solutions for building a safer world for all children.

Age verification is a critical component in efforts to safeguard children, enhance online safety, and maintain ethical and legal standards in the digital era. Age verification measures make it challenging for children to access harmful content, serving as both a protective barrier and a deterrent against intentional and unintentional exposure. Together with strong trust and safety efforts, robust content moderation, and the use of protection technologies, age verification is a key component of a multi-faceted approach that companies can employ to better protect and safeguard children.

Age verification laws must be designed primarily to protect children from harm, while also avoiding unintended consequences that could prove harmful to children. These laws must prioritize child safety but also consider the implications for adult internet users, ensuring that rights to speech, expression, and privacy are balanced with the need to protect children. ICMEC is concerned that website-based age verification mandates do not adequately address these concerns.

Our concerns over website-based age verification mandates stem from several key issues. Firstly, the technology for effective age verification on websites is not sufficiently developed, making enforcement across diverse jurisdictions impractical. This could lead companies, especially smaller companies with more limited resources, to either minimally comply or not comply at all, while children can easily bypass protections using a virtual private network (VPN). Secondly, these mandates may inadvertently drive children towards more dangerous online environments, both on the clear and dark web. Lastly, there are concerns about the significant infringement on adult rights, particularly regarding privacy, speech, and expression, which could hinder efforts to implement effective child protection measures.

Instead, we believe that device-level age verification offers a comprehensive solution that an be integrated into the overall security infrastructure of a device, reducing the complexity and inefficiency of implementing website-specific verification mechanisms. Device-level age verification also gives parents and caregivers oversight of their child’s online activities, thereby creating a secure online environment based on age appropriateness. Device-based age verification ensures consistency, efficiency, and heightened security and facilitates a controlled and safer online environment for children.

Device-based age verification offers a better alternative through:

Ease of Implementation: Effective device-based age verification technology already exists. Parental controls are readily accessible across all major operating systems,
and advanced technology for device-based content filtering is available, offering even greater effectiveness.
Consistency and Standardization: Enforcement of device-based age verification mandates is realistic. It offers a standardized method across various websites, platforms, and services, ensuring consistency in content restrictions. This approach establishes a unified, efficient, and effective system, contrasting with the impracticality and inconsistency of website-level mandates alone. Enforcement of device-based age verification is streamlined, and jurisdictional issues are mitigated by focusing on the jurisdiction where the device is sold.
Greater Security: Device-based age verification avoids harmful unintended consequences of website-based mandates. It cannot be circumvented by children using VPNs or TOR to mask IP addresses.
Default Protection: Device-based age verification brings unintended benefits. Beyond protecting children within the mandate’s jurisdiction, requiring age verification at the device level extends protection to children worldwide. When age restrictions are default settings on devices, children whose parents or caregivers may not be actively involved or familiar with varied app-specific processes for activating protective controls, are automatically covered and have protection in place.
Enhanced Privacy: Device-based age verification imposes significantly fewer restrictions on users’ rights. Providing identifying information to a single operating system poses less security and privacy risk compared to sharing this information across multiple websites.
Parental Responsibility: Device-based age verification empowers parents and caregivers by providing default protections and enabling robust parental oversight. Implementing age restrictions at the device level supports parental responsibility to supervise their child’s online activities, fostering a controlled and secure online environment that aligns with age appropriateness.

ICMEC strongly advocates for a device-level approach to age verification as an effective means to protect and safeguard children, especially when combined with other measures including trust and safety, content moderation processes, and other protective technologies. By integrating age verification mechanisms into the operating system of a device, users can be designated for enhanced protections across all applications used on that device.

Cookie	Duration	Description
__stripe_mid	1 year	Stripe sets this cookie cookie to process payments.
__stripe_sid	30 minutes	Stripe sets this cookie cookie to process payments.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
ts	3 years	PayPal sets this cookie to enable secure transactions through PayPal.
ts_c	3 years	PayPal sets this cookie to make safe payments through PayPal.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
__Secure-YEC	1 year 1 month	No description
DEVICE_INFO	5 months 27 days	No description
m	2 years	No description available.